Bugtraq mailing list archives
Re: preventing sequence number guessing
From: newsham () aloha net (Timothy Newsham)
Date: Wed, 25 Jan 1995 10:10:25 -1000 (HST)
> I've only got one novel idea: instead of using tcp_iss directly for the SYN every time a new TCP/IP connection is opened, send MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].
This sounds awfully expensive. One md5 operation for each new passive or active connection.
> MD5 to predict sequence numbers. MD5 is quite fast (is it fast enough?) and is completely exportable. Code for MD5 is available
This is a good question. How many connections do you expect per second (both incoming and outgoing)? How much of a load will this place on the rest of the machine?
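
The scheme quoted in the message above and the per-connection cost the reply asks about, as an added example that is not part of the original post or of any vendor's TCP stack. The fixed step `ISS_STEP`, the byte layout fed to MD5 and the truncation of the digest to 32 bits are assumptions made for illustration.

```python
import hashlib
import struct
import time

ISS_STEP = 64  # constructed value: assumed fixed bump of tcp_iss per connection


def counter_isn(tcp_iss):
    """Baseline: tcp_iss is used directly as the ISN in the SYN."""
    return tcp_iss & 0xFFFFFFFF


def md5_isn(tcp_iss, now=None):
    """Quoted proposal: MD5(tcp_iss), or MD5(tcp_iss, time(NULL)) if now is given.

    Assumption: the 128-bit digest is cut to its first 32 bits for the ISN.
    """
    data = struct.pack("!I", tcp_iss & 0xFFFFFFFF)
    if now is not None:
        data += struct.pack("!I", int(now) & 0xFFFFFFFF)
    return struct.unpack("!I", hashlib.md5(data).digest()[:4])[0]


def isn_deltas(gen, first_iss, connections):
    """Differences (mod 2**32) between the ISNs of successive connections."""
    isns = [gen(first_iss + i * ISS_STEP) for i in range(connections)]
    return [(b - a) & 0xFFFFFFFF for a, b in zip(isns, isns[1:])]


def md5_seconds_per_connection(iterations=100_000):
    """Average wall-clock cost of one md5_isn() call on this machine."""
    now = int(time.time())
    start = time.perf_counter()
    for iss in range(iterations):
        md5_isn(iss, now)
    return (time.perf_counter() - start) / iterations


if __name__ == "__main__":
    print("counter deltas:", isn_deltas(counter_isn, 1000, 6))
    print("md5 deltas:    ", isn_deltas(md5_isn, 1000, 6))
    cost = md5_seconds_per_connection()
    print(f"{cost * 1e6:.2f} us per connection, ~{1 / cost:,.0f} hashes/s")
```

The timing includes Python call overhead, so it overstates what an in-kernel C MD5 would cost per connection. The hash inputs are only the ones named in the quoted proposal; no secret value is mixed in.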