[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please send cash

> While HotJava prevents applets from actively opening connections that
> violate the user-selected security policy, it allows an applet to accept
> connections from anywhere.  At this point, an applet only has to use any one
> of a number of channels to communicate where it is, and have the remote end
> do the active open.

What if I start a Java applet then send it a faked TCP/IP packet from another 
host? Can I hotwire an outgoing connection that appears to be from the victim 

TCP/IP connections are not really all that directed. It is only the startup 
phase that is trully directed - someone has to start a conversation.

Planned sequence of events :

	Send out Java applet to Alice
	Send Bob a connection request packet on port 22
	Alice's Java applet is accepting connections.
	Send Alice a "request" packet claiming to come from port 22
	Should now have an outgoing connection.

???? I'm not a TCP/IP hacker (much). I'll ask our guru tommorow after we
are done with the NSA.