Abstract
This paper describes an active attack against the Transport Control
Protocol (TCP) which allows a cracker to redirect the TCP stream through
his machine thereby permitting him to bypass the protection offered by such
a system as a one-time password[SKEY] or by ticketing authentication
[Kerberos]. The TCP COnnection is vulnerable to anyone with a TCP packet
sniffer and generator locates on the path followed by the connection. Some
schemes to detect this attack are presented as well as some methods of
prevention and some interesting details of the TCP protocol behaviors.
