Bugtraq mailing list archives
Re: Borderware predictable initial TCP
From: Roy.Hills () NTA-MONITOR COM (Roy Hills)
Date: Wed, 9 Sep 1998 11:21:13 +0100
At 20:31 08/09/98 -0600, Ivan Arce,CORE SDI wrote:
Hmmm NT+SP3, Pentium 233Mhz How exploitable does this look: [List of consistent, predictable TCP sequence numbers deleted]
Looks like I was too quick to dismiss a one-per-millisecond sequence as "not predictable in the real world"! Thanks for correcting me.

I've also got a feeling that it may be possible to send multiple ACKs to the server and the incorrect ones might just get ignored - if this is true, then it would be possible to "bracket" the predicted sequence no. with multiple ACKs to increase the chance of success. Does anyone know if this is really the case?

Roy Hills
NTA Monitor Ltd
--
Roy Hills                                Tel:   01634 721855
NTA Monitor Ltd                          FAX:   01634 721844
6 Beaufort Court, Medway City Estate,    Email: Roy.Hills () nta-monitor com
Rochester, Kent ME2 4FB, UK              WWW:   http://www.nta-monitor.com/
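The "one-per-millisecond" property discussed in this message can be checked on a host you administer from a handful of timestamped initial sequence numbers. The sketch below is an added example, not part of the original post: the sample values, function names and the 2^16 threshold are constructed assumptions, and the model tested is only a single linear clock.

```python
import random
from statistics import median

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def signed_mod(d):
    """Map a 32-bit difference into the range [-2^31, 2^31)."""
    d %= MOD
    return d - MOD if d >= MOD // 2 else d

def isn_prediction_error(samples):
    """samples: list of (time_ms, isn) with strictly increasing times.

    Fits one ISN-per-millisecond rate (median over consecutive pairs),
    predicts every ISN from its predecessor, and returns
    (rate, worst absolute prediction error).
    """
    pairs = list(zip(samples, samples[1:]))
    rates = [((b[1] - a[1]) % MOD) / (b[0] - a[0]) for a, b in pairs]
    rate = median(rates)
    errors = [abs(signed_mod(b[1] - (a[1] + round(rate * (b[0] - a[0])))))
              for a, b in pairs]
    return rate, max(errors)

def verdict(samples, threshold=2 ** 16):
    """Flag a generator whose ISNs a linear clock model predicts closely."""
    _, worst = isn_prediction_error(samples)
    return "predictable" if worst < threshold else "no linear-clock fit"

# Constructed sample data: observation times in milliseconds.
TIMES_MS = [0, 137, 412, 980, 1501, 2250]

# Constructed weak generator: ISN = base + elapsed ms, base chosen so it wraps.
TIME_DRIVEN = [(t, (4294966000 + t) % MOD) for t in TIMES_MS]

# Constructed strong generator: an independent 32-bit value per connection.
_rng = random.Random(1998)
RANDOMISED = [(t, _rng.getrandbits(32)) for t in TIMES_MS]

if __name__ == "__main__":
    for name, data in (("time-driven", TIME_DRIVEN), ("randomised", RANDOMISED)):
        rate, worst = isn_prediction_error(data)
        print(f"{name}: rate={rate:.2f}/ms worst_error={worst} -> {verdict(data)}")
```
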