https://www.webmaster-forums.net/crss/node/1032319 en https://www.webmaster-forums.net/server-management/perp#comment-1189181 <p>-<br /> Technically, the spoofer could use an algorithm to "guess" the sequence number. While, in such a case, local sniffing might not be necessary in order to determine the sequence number, I am not sure how the attacker would divine the correct IP address.</p> <p>I don't think that the perp is guessing anything, because most of my files are fairly small, and download quickly, and because the attacker is using only a couple bogus FIN packets per file, with a 75% success rate.<br /> I am not getting a flood of overwelming numbers of bogus packets, such as would probably be necessary in order for a "guessing algorithm" to accomplish the task.</p> <p> Am i right?</p> <p>Two other things convince me that the culprit is between me and the Bellsouth access point:</p> <p>1 - Most of my customers are not static (instead, they are fairly random public-internet customers) My guess is that the local wire could be sniffed to pick up the customer IP addresses. </p> <p>2 - The bogus FIN packets are disproportionately directed to terminate zip, gz, and other archive file downloads. </p> <p> - rleesBSD</p> <p>-excuse my edits today --- to clean up the faux pas ... hard to write well when you're irritated <img src="https://www.webmaster-forums.net/misc/smileys/eyeroll.png" title="Roll eyes" alt="Roll eyes" class="smiley-content" /></p> Sun, 01 Jan 2006 21:53:56 +0000 rleesBSD comment 1189181 at https://www.webmaster-forums.net