Date: Mon, 10 Apr 1995 10:32:15 PDT
From: Brian Smith <brians@protools.com>
To: freebsd-questions@wcarchive.cdrom.com
Subject: Does BSD implement TCP/IP incorrectly?
Message-ID: <9504101732.AA16157@dot.protools.com>
I saw this in an article about the capture of Mitnick done by Simson Garfinkel. Here is the relevant excerpt:

    The attacker who perpetrated the initial break-in of Shimomura's machine did so with a technique called IP spoofing. Using IP spoofing, an attacking computer can masquerade as another. It is also possible, using spoofing, for an attacking computer to commandeer an existing connection between two computers.

    Although IP spoofing sounds like a new technique, it has actually been recognized and openly discussed for years. There are special provisions in the TCP/IP (Transmission Control Protocol/Internet Protocol) standard used by the Internet that are designed to make IP spoofing difficult. The problem is that the IP stack distributed with Berkeley Unix (and now used by most of the computer industry) doesn't implement the TCP/IP correctly.

I have read the IP, UDP, and TCP RFCs and cannot recall any chunks of functionality missing in the BSD TCP/IP implementation relevant to IP spoofing. Mr. Garfinkel makes it sound as if BSD TCP/IP is severely flawed. He admits that he is not a proponent of UNIX:

    Face it: Unix sucks. It's a research operating system that never should have escaped from the lab. Unix is a lot of fun for hackers (I enjoy it myself from time to time), but it shouldn't be inflicted on millions of innocent users. It shouldn't be the basis for mission-critical operations, and it shouldn't make up the backbone of the Internet or commercial Internet providers.

    You might think this point of view biased. I am, after all, the editor in chief of The UNIX-HATERS Handbook. But the fact is, most IP-spoofing attacks wouldn't work if Unix implemented the IP protocols properly. Unix is an insecure operating system. We can work to make it more secure, but many ongoing computer security problems result from fundamental flaws in Unix.
I really can't agree with him on his conclusion about releasing UNIX :), but I am curious about this alleged TCP/IP security hole. Any ideas?

Brian

(The only really secure computer is a dysfunctional computer. I still like using computers. QED I must be a security breach. :)

/-------------------------------------------------------\
| #include <std_disclaimer.h>   | brians@ngc.com        |
| #undef COMPANY_REPRESENTATIVE | brians@mandor.dev.com |
\-------------------------------------------------------/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9504101732.AA16157>
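The message does not say which "special provision" Garfinkel had in mind. The following is an added example, not part of the original post and not BSD code: a simulation of the mechanism the excerpt describes. A handshake with a forged source address is blind, because the server's SYN-ACK goes to the impersonated host, so the attacker can only complete it by guessing the initial sequence number (ISN) the server chose. RFC 793 specifies a clock-driven ISN generator precisely so that value is hard to guess. The simulation compares a generator that adds a fixed increment per connection (a constructed model; the step size is a parameter, not a measurement of any real stack) against one that picks a random 32-bit value. The addresses, sequence numbers and class names are all constructed, and the model assumes the impersonated host stays silent instead of resetting the half-open connection, which a real attacker would have to arrange separately.

```python
"""Added example: why a blind IP-spoofing handshake depends on predictable
initial sequence numbers (ISNs). Simulation only; no packets are sent."""
import random

# Constructed addresses for the simulation.
TRUSTED = "10.0.0.2"    # host the server trusts; the attacker will claim to be it
ATTACKER = "10.0.0.99"  # the attacker's real address

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit


class SequentialISN:
    """Predictable generator: the same fixed increment on every new connection.
    The step size is a parameter of this model, not a claim about any real stack."""

    def __init__(self, start=1000, step=64000):
        self.next_isn = start
        self.step = step

    def __call__(self):
        isn = self.next_isn
        self.next_isn = (self.next_isn + self.step) & MASK
        return isn


class RandomISN:
    """Unpredictable generator: a fresh 32-bit value for every connection."""

    def __init__(self, seed=None):
        self.rng = random.Random(seed)

    def __call__(self):
        return self.rng.getrandbits(32)


class Server:
    """Minimal TCP listener: tracks half-open connections and completes the
    three-way handshake only when the third segment acknowledges its ISN."""

    def __init__(self, isn_gen):
        self.isn_gen = isn_gen
        self.half_open = {}     # (src, client_isn) -> server_isn
        self.established = []   # source addresses of completed handshakes

    def syn(self, src, client_isn):
        """SYN received. Returns the SYN-ACK (server_isn, ack) addressed to
        `src`; whether the real sender can see it is up to the caller."""
        server_isn = self.isn_gen()
        self.half_open[(src, client_isn)] = server_isn
        return server_isn, (client_isn + 1) & MASK

    def ack(self, src, client_isn, ack_num):
        """Third segment. Accept only if it acknowledges the ISN we sent."""
        server_isn = self.half_open.get((src, client_isn))
        if server_isn is None or ack_num != (server_isn + 1) & MASK:
            return False
        del self.half_open[(src, client_isn)]
        self.established.append(src)
        return True


def blind_spoof(server, step_guess):
    """Attacker completes a handshake as TRUSTED without seeing any reply.
    Simplification: TRUSTED is assumed not to answer the SYN-ACK it never
    requested (a real attacker has to arrange that separately)."""
    # 1. Probe from the attacker's own address: this SYN-ACK is visible.
    observed_isn, _ = server.syn(ATTACKER, 5000)
    # 2. SYN with forged source TRUSTED: the SYN-ACK goes to TRUSTED, not to us.
    spoofed_isn = 7000
    server.syn(TRUSTED, spoofed_isn)
    # 3. Predict the ISN the server just handed out, and ACK it blindly.
    predicted = (observed_isn + step_guess) & MASK
    return server.ack(TRUSTED, spoofed_isn, (predicted + 1) & MASK)


def spoof_success_rate(make_server, step_guess, trials=100):
    """Fraction of fresh servers against which the blind handshake completes."""
    hits = sum(blind_spoof(make_server(), step_guess) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    seq = spoof_success_rate(lambda: Server(SequentialISN(step=64000)), 64000)
    rnd = spoof_success_rate(lambda: Server(RandomISN(seed=1)), 64000)
    print(f"sequential ISN: {seq:.0%} of blind spoofs succeed")
    print(f"random ISN:     {rnd:.0%} of blind spoofs succeed")
```

Against the sequential generator every blind handshake completes once the attacker has learned the increment from a single probe; against the random generator the guess has a one-in-2^32 chance, so none complete. The server logic itself is identical in both runs, which is the point: nothing in the handshake is "missing", the only difference is how guessable the ISN is.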