[standards-jig] S5B vulnerability
jajcus at bnet.pl
Sun Dec 7 10:00:34 UTC 2003
On Sat, Dec 06, 2003 at 09:52:13PM -0800, Justin Karneges wrote:
> Client A wishes to contact Client B, and sends an S5B iq packet containing
> 184.108.40.206 and 192.168.0.32 as streamhosts. Client C, the attacker,
> simply needs to set his machine's IP address to the same as Client A. When
> Client B tries to connect to 192.168.0.32, it will end up connecting to the
> attacker. Because the SOCKS authentication is not mutual, the attacker does
> not have to worry about providing any credentials to the target.
SOCKS5 Bytestreams don't use a regular SOCKS proxy, but a special one
that uses Jabber <iq/> packets in addition to SOCKS user/password for
stream authentication. This means the attacker would also need to spoof the JID
used by Client A, which is not that easy.
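As an added illustration (not part of this thread): XEP-0065 binds the SOCKS5 CONNECT to the Jabber session by setting DST.ADDR to the hex SHA1 of SID + initiator JID + target JID, both of which travel only in the <iq/> exchange, so a host that merely sits at the advertised IP has nothing to match the request against. The SID and JIDs below are constructed sample values.

```python
import hashlib


def s5b_dst_addr(sid: str, initiator_jid: str, target_jid: str) -> str:
    """XEP-0065 DST.ADDR: hex SHA1 over SID + Initiator JID + Target JID."""
    data = (sid + initiator_jid + target_jid).encode("utf-8")
    return hashlib.sha1(data).hexdigest()


def build_connect_request(dst_addr: str) -> bytes:
    """SOCKS5 CONNECT (RFC 1928) as the target sends it to a streamhost:
    VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name), the 40-char hash, port 0."""
    addr = dst_addr.encode("ascii")
    return bytes([5, 1, 0, 3, len(addr)]) + addr + b"\x00\x00"


def parse_connect_request(req: bytes) -> str:
    """Return the DST.ADDR carried in a SOCKS5 CONNECT; raise ValueError if malformed."""
    if len(req) < 5 or req[0] != 5 or req[1] != 1 or req[3] != 3:
        raise ValueError("not a SOCKS5 CONNECT with a domain-name address")
    n = req[4]
    if len(req) != 5 + n + 2:
        raise ValueError("length mismatch in CONNECT request")
    return req[5:5 + n].decode("ascii")


def streamhost_accepts(req: bytes, sid: str, initiator_jid: str, target_jid: str) -> bool:
    """Check a legitimate streamhost performs before relaying anything: the CONNECT
    must name exactly the hash derived from its own pending <iq/> offer. Any other
    address (wrong SID, wrong JIDs, or a host with no offer at all) is refused."""
    try:
        return parse_connect_request(req) == s5b_dst_addr(sid, initiator_jid, target_jid)
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed sample session: initiator A offers a bytestream to target B
    sid, a, b = "mySID", "a@example.org/home", "b@example.org/work"
    req = build_connect_request(s5b_dst_addr(sid, a, b))
    print("A accepts B's CONNECT:", streamhost_accepts(req, sid, a, b))
    print("impostor JID matches:", streamhost_accepts(req, sid, "c@example.org/x", b))
```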