Blind vs. Non-blind IP Spoofing

wardwolfram
Level 1

I am reading about non-blind spoofing, which is defined as a hacker having access to the subnet so that they can sniff sequence and acknowledgement numbers to hijack a TCP connection or do malicious things.

 

How does a hacker sniff the seq/ack numbers?  Does not a switch forward packets to and from each host through their connected ports?  If so, how does the hacker intercept this traffic?

 

Thanks,

 

 

1 Accepted Solution

Accepted Solutions

balaji.bandi
Hall of Fame
How does a hacker sniff the seq/ack numbers?  Does not a switch forward packets to and from each host through their connected ports?  If so, how does the hacker intercept this traffic?

There are several tools available once a man in the middle sniffs the traffic; he stays in the same subnet, which means he can sniff the traffic of the whole layer 2 domain of that subnet. When I was learning CEH, this is from my notes:

 

The Attacker, Receiver and Victim are in the same network segment (layer 2). The Attacker has to predict TCP sequence numbers and send the last ACK packet towards the Receiver before the Victim does. When the Receiver gets the last ACK TCP packet, it starts to trust that the IP address of the Victim has the MAC address of the Attacker. From now on, if the Receiver wants to communicate with the IP address which belongs to the Victim, it unconsciously sends packets towards the Attacker.

 

BB


2 Replies

Thanks Balaji.

 

My issue was how to get around the switch forwarding traffic only between two clients (since the attacker is on a third port, it would not be able to intercept this traffic.)  I see that a MITM must be set up first, such as through ARP poisoning, where the traffic can be intercepted and then forwarded to the final destination.

 

Thanks!
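
The ARP poisoning named in the last reply is visible on the wire as an IP address that suddenly answers from a different MAC. As an added example (not part of the original thread), the Python code below parses raw Ethernet ARP frames and flags such rebinds; the function names are hypothetical and the addresses and frames are constructed sample data.

```python
import struct

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return oper, sender_mac, sender_ip

def find_rebinds(frames):
    """Report every ARP frame whose sender IP was last seen with a different MAC."""
    bindings, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not an ARP frame
        _, mac, ip = parsed
        previous = bindings.get(ip)
        if previous is not None and previous != mac:
            alerts.append((index, ip, previous, mac))
        bindings[ip] = mac  # keep tracking so a flapping binding is reported each time
    return alerts

def build_arp(oper, src_mac, src_ip, dst_mac, dst_ip):
    """Assemble a frame in memory for the constructed sample data (nothing is sent)."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    to_ip = lambda a: bytes(int(x) for x in a.split("."))
    eth = to_mac(dst_mac) + to_mac(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + to_mac(src_mac) + to_ip(src_ip) + to_mac(dst_mac) + to_ip(dst_ip)

# Constructed sample: documentation-range IPs, locally administered MACs.
VICTIM = ("02:00:00:00:00:0a", "192.0.2.10")
RECEIVER = ("02:00:00:00:00:14", "192.0.2.20")
THIRD_PORT_MAC = "02:00:00:00:00:66"  # host on a third switch port
SAMPLE = [
    build_arp(2, *VICTIM, *RECEIVER),                    # genuine reply
    build_arp(2, *RECEIVER, *VICTIM),                    # genuine reply
    build_arp(2, THIRD_PORT_MAC, VICTIM[1], *RECEIVER),  # Victim's IP, different MAC
]

if __name__ == "__main__":
    for index, ip, old, new in find_rebinds(SAMPLE):
        print(f"frame {index}: {ip} moved from {old} to {new}")
```

A legitimate change such as a replaced NIC or a failover raises the same alert, so each hit is a lead to check against the switch's MAC address table or DHCP leases.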