Bugtraq mailing list archives
Re: NT4-SP3 Sequence Prediction
From: smb () RESEARCH ATT COM (Steve Bellovin)
Date: Wed, 9 Sep 1998 15:27:05 -0400
Relying on a fast counter for protection is fruitless -- I showed this in a 1989 paper. Look at it this way -- given some idea of the mean increment per unit time, trying to find the exact right guess is like trying to exploit a race condition. Usually you lose -- but winning just once is enough. Furthermore, the idea of multiple guesses per attempt appears to be sound -- from a quick glance at the TCP spec, an erroneous ACK will not cause any harm. The best solution, of course, is to abandon the fatally-flawed notion of address-based authentication in the first place. If you must use it, use a per-connection time base, per RFC 1948.
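The per-connection time base of RFC 1948 recommended above, as an added example that is not part of the original post: ISN = M + F(localhost, localport, remotehost, remoteport, secret), with MD5 as F as the RFC suggests. The secret, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import hashlib
import socket
import struct

MASK32 = 0xFFFFFFFF
SECRET = b"constructed-boot-secret"  # assumption: random per-boot secret in practice


def timer_m(now_us: int) -> int:
    """RFC 1948's M: a 32-bit timer that ticks once every 4 microseconds."""
    return (now_us // 4) & MASK32


def global_counter_isn(now_us: int) -> int:
    """The scheme the post calls fruitless: one clock shared by every connection."""
    return timer_m(now_us)


def rfc1948_isn(secret: bytes, laddr: str, lport: int,
                raddr: str, rport: int, now_us: int) -> int:
    """ISN = M + F(localhost, localport, remotehost, remoteport, secret)."""
    four_tuple = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
                  socket.inet_aton(raddr) + struct.pack("!H", rport))
    # F is a keyed hash of the connection ID; only the first 32 bits are used.
    offset = struct.unpack("!I", hashlib.md5(four_tuple + secret).digest()[:4])[0]
    return (timer_m(now_us) + offset) & MASK32


def gap(isn_a: int, isn_b: int) -> int:
    """Distance from isn_a to isn_b in 32-bit sequence space."""
    return (isn_b - isn_a) & MASK32


if __name__ == "__main__":
    t0, t1 = 1_000_000, 1_001_000  # constructed timestamps, 1 ms apart
    server = ("192.0.2.10", 513)
    observer = ("198.51.100.7", 1023)
    trusted = ("203.0.113.5", 1023)

    # Global counter: an ISN seen by one peer plus elapsed time gives any other peer's ISN.
    print("global gap:", gap(global_counter_isn(t0), global_counter_isn(t1)))

    # RFC 1948: the same 4-tuple still advances with the clock...
    own0 = rfc1948_isn(SECRET, *server, *observer, t0)
    own1 = rfc1948_isn(SECRET, *server, *observer, t1)
    print("same-tuple gap:", gap(own0, own1))

    # ...but a different 4-tuple sits at a secret-dependent offset the observer cannot derive.
    other1 = rfc1948_isn(SECRET, *server, *trusted, t1)
    print("cross-tuple gap:", gap(own0, other1))
```
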