Master of Science in Information Security - Earn your Master of Science in Information Security online from Norwich University. Designated a "Center of Excellence", the program offers a solid education in the management of information assurance, and the unique case study method melds theory into practice. Using today's e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
Introduction: IP Spoofing
By: Suhas A Desai
An article on "Security Problems in the TCP/IP Protocol Suite" by S.M.Bellovin in 1989 initially explored IP Spoofing attacks . He described how Robert Morris, creator of the now infamous Internet Worm, figured out how TCP created sequence numbers and forged a TCP packet sequence.
This TCP packet included the destination address of his victim and using as IP spoofing attack Morris was able to obtain root access to his targeted system without a User ID or password.
Introduction:
IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host. There are a few variations on the types of attacks that using IP spoofing.
1.non-blind spoofing
This attack takes place when the attacker is on the same subnet as the target that could see sequence and acknowledgement of packets. The threat of this type of spoofing is session hijacking and an attacker could bypass any authentication measures taken place to build the connection. This is accomplished by corrupting the DataStream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine.
2.Blind spoofing
This attack may take place from outside where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which is doable in older days. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target.
READ ENTIRE ARTICLE:
features/features/introduction-ip-spoofing
LinuxSecurity.com Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Debian | ||
Debian: New bluez-utils packages fix arbitrary command execution | ||
23rd, August, 2005
Updated package. advisories/debian/debian-new-bluez-utils-packages-fix-arbitrary-command-execution |
||
Debian: New Mozilla Thunderbird packages fix several vulnerabilities | ||
23rd, August, 2005
Updated package. advisories/debian/debian-new-mozilla-thunderbird-packages-fix-several-vulnerabilities-8356 |
||
Debian: New mysql packages fix insecure temporary file | ||
24th, August, 2005
Updated package. advisories/debian/debian-new-mysql-packages-fix-insecure-temporary-file |
||
Fedora | ||
Fedora Core 4 Update: epiphany-1.6.5-1 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-epiphany-165-1-01-23-00-120132 |
||
Fedora Core 4 Update: system-config-netboot-0.1.26-1_FC4 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-system-config-netboot-0126-1fc4-01-24-00-120133 |
||
Fedora Core 3 Update: kdbg-2.0.0-0.fc3.1 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-kdbg-200-0fc31-01-24-00-120134 |
||
Fedora Core 4 Update: doxygen-1.4.4-0.fc4.1 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-doxygen-144-0fc41-01-25-00-120135 |
||
Fedora Core 4 Update: kdbg-2.0.0-0.fc4.1 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-kdbg-200-0fc41-01-26-00-120136 |
||
Fedora Core 4 Update: kdeedu-3.4.2-0.fc4.2 | ||
18th, August, 2005
Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. The script must be manually invoked. advisories/fedora/fedora-core-4-update-kdeedu-342-0fc42-01-26-00-120137 |
||
Fedora Core 3 Update: ncpfs-2.2.4-4.FC3.1 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-ncpfs-224-4fc31-01-27-00-120138 |
||
Fedora Core 3 Update: gaim-1.5.0-1.fc3 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-gaim-150-1fc3-01-28-00-120139 |
||
Fedora Core 4 Update: gaim-1.5.0-1.fc4 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-gaim-150-1fc4-01-29-00-120140 |
||
Fedora Core 3 Update: system-config-bind-4.0.0-30 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-system-config-bind-400-30-01-29-00-120141 |
||
Fedora Core 4 Update: system-config-bind-4.0.0-30_FC4 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-system-config-bind-400-30fc4-01-30-00-120142 |
||
Fedora Core 3 Update: pcre-4.5-3.1 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-pcre-45-31-01-31-00-120143 |
||
Fedora Core 4 Update: tar-1.15.1-8.FC4 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-tar-1151-8fc4-01-31-00-120144 |
||
Fedora Core 4 Update: gstreamer-plugins-0.8.8-9 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-gstreamer-plugins-088-9-01-32-00-120145 |
||
Fedora Core 4 Update: vnc-4.1.1-10.1 | ||
18th, August, 2005
This package disables the render patch, which was causing problems when using the loadable X module. advisories/fedora/fedora-core-4-update-vnc-411-101-01-33-00-120146 |
||
Fedora Core 3 Update: netpbm-10.28-1.FC3.2 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-netpbm-1028-1fc32-01-33-00-120147 |
||
Fedora Core 4 Update: metacity-2.10.3-1 | ||
18th, August, 2005
This update of metacity fixes the behavior of minimized transient dialogs for some applications. advisories/fedora/fedora-core-4-update-metacity-2103-1-01-34-00-120148 |
||
Fedora Core 4 Update: cups-1.1.23-15.1 | ||
18th, August, 2005
These updated packages fix a problem handling PDF files that could have security implications. advisories/fedora/fedora-core-4-update-cups-1123-151-01-35-00-120149 |
||
Fedora Core 3 Update: cups-1.1.22-0.rc1.8.6 | ||
18th, August, 2005
These updated packages fix a problem handling PDF files that could have security implications. advisories/fedora/fedora-core-3-update-cups-1122-0rc186-01-35-00-120150 |
||
Fedora Core 4 Update: pygtk2-2.6.2-0.fc4.1 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-pygtk2-262-0fc41-01-36-00-120151 |
||
Fedora Core 4 Update: shadow-utils-4.0.7-10.FC4 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-shadow-utils-407-10fc4-01-37-00-120152 |
||
Fedora Core 4 Update: netpbm-10.28-1.FC4.2 | ||
18th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-netpbm-1028-1fc42-01-37-00-120153 |
||
Fedora Core 4 Update: slocate-2.7-22.fc4.1 | ||
22nd, August, 2005
A carefully prepared directory structure could stop the updatedb file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue. advisories/fedora/fedora-core-4-update-slocate-27-22fc41-13-38-00-120166 |
||
Fedora Core 3 Update: slocate-2.7-12.fc3.1 | ||
22nd, August, 2005
A carefully prepared directory structure could stop the updatedb file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue. advisories/fedora/fedora-core-3-update-slocate-27-12fc31-13-38-00-120167 |
||
Fedora Core 4 Update: MyODBC-2.50.39-25.FC4.1 | ||
22nd, August, 2005
Fix a problem with extra rows inserted because of mistaken pre-execution of a query. See also http://bugs.mysql.com/bug.php advisories/fedora/fedora-core-4-update-myodbc-25039-25fc41-13-39-00-120168 |
||
Fedora Core 3 Update: MyODBC-2.50.39-25.FC3.1 | ||
22nd, August, 2005
Fix a problem with extra rows inserted because of mistaken pre-execution of a query. See also http://bugs.mysql.com/bug.php advisories/fedora/fedora-core-3-update-myodbc-25039-25fc31-13-40-00-120169 |
||
Fedora Core 3 Update: doxygen-1.4.4-0.fc3.1 | ||
22nd, August, 2005
update to 1.4.4 advisories/fedora/fedora-core-3-update-doxygen-144-0fc31-13-40-00-120170 |
||
Fedora Core 4 Update: xpdf-3.01-0.FC4.1 | ||
22nd, August, 2005
update to 3.01 advisories/fedora/fedora-core-4-update-xpdf-301-0fc41-13-41-00-120171 |
||
Fedora Core 3 Update: xpdf-3.01-0.FC3.1 | ||
22nd, August, 2005
update to 3.01 advisories/fedora/fedora-core-3-update-xpdf-301-0fc31-13-42-00-120172 |
||
Fedora Core 4 Update: libgal2-2.4.3-1.fc4 | ||
22nd, August, 2005
Fix for crash when selecting type of server in Evolution's account editor advisories/fedora/fedora-core-4-update-libgal2-243-1fc4-13-43-00-120173 |
||
Fedora Core 3 Update: | ||
22nd, August, 2005
It probably is not a good idea to push a CVS snapshot here, but upstream screwed up their 1.4.5 release and CVS contains further fixes like PHP5 related stuff that might make squirrelmail usable on FC4. This snapshot worked on my personal server for the past week, so hopefully it will be good for everyone else too. advisories/fedora/fedora-core-3-update-13-43-00-120174 |
||
Fedora Core 4 Update: | ||
22nd, August, 2005
It probably is not a good idea to push a CVS snapshot here, but upstream screwed up their 1.4.5 release and CVS contains further fixes like PHP5 related stuff that might make squirrelmail usable on FC4. advisories/fedora/fedora-core-4-update-13-44-00-120175 |
||
Fedora Core 3 Update: dhcpv6-0.10-14_FC3 | ||
22nd, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-dhcpv6-010-14fc3-14-28-00-120176 |
||
Fedora Core 4 Update: dhcpv6-0.10-14_FC4 | ||
22nd, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-dhcpv6-010-14fc4-14-28-00-120177 |
||
Fedora Core 3 Update: system-config-netboot-0.1.30-1_FC3 | ||
22nd, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-system-config-netboot-0130-1fc3-14-29-00-120178 |
||
Fedora Core 4 Update: system-config-netboot-0.1.30-1_FC4 | ||
22nd, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-system-config-netboot-0130-1fc4-14-30-00-120179 |
||
Fedora Core 4 Update: diskdumputils-1.1.9-2 | ||
22nd, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-diskdumputils-119-2-15-49-00-120180 |
||
Fedora Core 3 Update: kdebase-3.4.2-0.fc3.3 | ||
23rd, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-kdebase-342-0fc33-13-52-00-120189 |
||
Fedora Core 4 Update: bind-9.3.1-10_FC4 | ||
23rd, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-bind-931-10fc4-13-53-00-120190 |
||
Fedora Core 4 Update: cvs-1.11.19-9 | ||
23rd, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-cvs-11119-9-13-53-00-120191 |
||
Fedora Core 3 Update: cvs-1.11.17-7.FC3 | ||
23rd, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-cvs-11117-7fc3-13-54-00-120192 |
||
Fedora Core 3 Update: hwdata-0.146.1-1 | ||
23rd, August, 2005
This fixes a bug where some MegaRAID controllers were incorrectly mapped to the megaraid_mbox driver. advisories/fedora/fedora-core-3-update-hwdata-01461-1-13-55-00-120193 |
||
Fedora Core 3 Update: eject-2.1.1-0.fc3.2 | ||
24th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-eject-211-0fc32-11-48-00-120202 |
||
Fedora Core 4 Update: eject-2.1.1-0.fc4.1 | ||
24th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-eject-211-0fc41-11-49-00-120203 |
||
Fedora Core 3 Update: pcre-4.5-3.1.1.fc3 | ||
24th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-pcre-45-311fc3-11-49-00-120204 |
||
Fedora Core 4 Update: pcre-5.0-4.1.fc4 | ||
24th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-pcre-50-41fc4-11-50-00-120205 |
||
Fedora Core 3 Update: epiphany-1.4.9-0 | ||
24th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-epiphany-149-0-14-02-00-120206 |
||
Gentoo | ||
Gentoo: Kismet Multiple vulnerabilities | ||
19th, August, 2005
Kismet is vulnerable to multiple issues potentially resulting in the execution of arbitrary code. |
||
Gentoo: Adobe Reader Buffer Overflow | ||
19th, August, 2005
Adobe Reader is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code. |
||
Gentoo: Evolution Format string vulnerabilities | ||
23rd, August, 2005
Evolution is vulnerable to format string vulnerabilities which may result in remote execution of arbitrary code. |
||
Gentoo: PEAR XML-RPC, phpxmlrpc New PHP script injection | ||
24th, August, 2005
The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute arbitrary PHP script commands. |
||
Gentoo: TikiWiki, eGroupWare Arbitrary command execution | ||
24th, August, 2005
TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to arbitrary command execution. |
||
Gentoo: Apache 2.0 Denial of Service vulnerability | ||
25th, August, 2005
A bug in Apache may allow a remote attacker to perform a Denial of Service attack. |
||
Gentoo: Tor Information disclosure | ||
25th, August, 2005
A flaw in Tor leads to the disclosure of information and the loss of anonymity, integrity and confidentiality. |
||
Red Hat | ||
RedHat: Low: netpbm security update | ||
22nd, August, 2005
Updated netpbm packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-netpbm-security-update-RHSA-2005-743-01 |
||
RedHat: Low: vim security update | ||
22nd, August, 2005
Updated vim packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-vim-security-update-21849 |
||
RedHat: Low: slocate security update | ||
22nd, August, 2005
An updated slocate package that fixes a denial of service issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-slocate-security-update-97578 |
||
RedHat: Critical: elm security update | ||
23rd, August, 2005
An updated elm package is now available that fixes a buffer overflow issue for Red Hat Enterprise Linux 2.1 AS and AW. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-elm-security-update-RHSA-2005-755-01 |
||