IPSPOOF.C (Spoofing source)
http://www.ilf.net/Toast/files/unix/ipspoof.c
This site contains both spoofing code, an analysis of that spoofing code
and a good description of how to implement such attacks:
http://main.succeed.net/~coder/spoofit/spoofit.html
A Weakness in the 4.2BSD Unix TCP/IP Software
Technical Report, AT&T Bell Laboratories, February 1985.
ftp://research.att.com/dist/internet_security/117.ps.Z
"Sequence Number Attacks" by Farrow:
http://www.wcmh.com/uworld/archives/95/security/001.txt.html
Bellovin on "Security Problems in the TCP/IP Protocol Suite":
ftp://research.att.com/dist/internet_security/ipext.ps.Z
Defending Against Sequence Number Attacks
S. Bellovin, Request for Comments: 1948. AT&T Research. May 1996
http://sunsite.auc.dk/RFC/rfc/rfc1948.html
Firewalls-Digest V5 #20
(Protracted discussion on-list)
http://tss.ca/~bob/Mail.Archive/firewalls-digest/0007.html
Shimomura's analysis:
http://www.wcmh.com/uworld/archives/95/security/001.add.html
BSDI's answer:
http://solaris1.mysolution.com/~rezell/files/text/bsdsyninfo.txt
Mail archive discussion (with fairly good explanation):
http://solaris1.mysolution.com/~rezell/files/text/spoofing.txt
INTERNET HOLES - ELIMINATING IP ADDRESS FORGERY
Decent discussion on how to prevent the attack from MANAGEMENT ANALYTICS
http://solaris1.mysolution.com/~rezell/files/text/ipaddressforgery.txt
Markoff's article:
http://www.geek-girl.com/bugtraq/1995_1/0128.html
ASK WOODY about SPOOFING ATTACKS
Bill Woodcock, Zocalo Engineering (woody@zocalo.com)
Good document that describes the anatomy of a spoofing attack:
http://www.netsurf.com/nsf/v01/01/local/spoof.html
TCP/IP Spoofing Fundamentals, N. Hastings (Iowa State University, USA)
and P. Mclean
(Andersen Consulting) (IEEE IPCCC'96, IEEE International Phoenix
Conference on Computers and Communications, March 27-29, 1996, Phoenix,
Arizona, USA)
Tuning Digital UNIX against TCP SYN Flooding and IP Spoofing Attacks
http://www.digital.com/info/internet/document/ias/avoidtcpsynattack.html
TCP SYN Flooding and IP Spoofing Attacks (3 Com & CERT)
http://www.3com.com/nsc/certwarn.html
Steven M. Bellovin and Michael Merritt (Brief mention of spoofed
sessions)
Limitations of the Kerberos Authentication System
USENIX Conference Proceedings, pp. 253-267, USENIX, Winter 1991.
ftp://research.att.com/dist/internet_security/kerblimit.usenix.ps
Matt Blaze
Protocol Failure in the Escrowed Encryption Standard
Technical Report, AT&T Bell Laboratories, June 1994.
ftp://research.att.com/dist/mab/eesproto.ps
Marcus Ranum
Making Your Enterprise Network Safe: How to Plan Internet Security and
Firewalls
http://penta.ufrgs.br/gereseg/t6am.txt
(This has been a public service from the folks at http://www.gnss.com)
Travis Hassloch wrote:
>
> In message <Pine.SUN.3.93.970824112505.11368S-100000@ramon>, Rafi Sadowsky writ
> es:
> >Other sources:
>
> Laurent Joncheray, "A Simple Attack Against TCP",
> Proceedings of the Fifth USENIX UNIX Security Symposium, page 7
>
> (proper reading order is chronological; Morris -> Bellovin -> Joncheray)
>
> Note that the old "hotwired" article that started this thread
> slightly confuses IP spoofing and splicing.