Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..

From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 28 Nov 2007 17:17:58 -0500 (EST)

On Wed, 28 Nov 2007, Darden, Patrick S. wrote:

Hey Darren,

A few of my emails didn't make it to the list.  The below
missive doesn't make much sense since it references
"all the reasons I have outlined before".


The list is still moderated, and the moderator approves some stuff 
immediately, mulls over others, discards some and rejects others.  Since 
the list has always been moderated I'm not sure why folks aren't 
remembering this...

Here is most relevant missing email:

It depends on the MITM exploit.  If you just want to monitor
a stream of traffic, then you are correct.  If, however, you
want to hijack the conversation it can be more difficult:


You're assuming a blind attack, a very dangerous assumption.  Even with a 
blind attack, you're assuming that (a) the attacker's prediction efforts 
are stymied by hard-to-predict sequence numbers and (b) the attacker 
(or defender) lacking enough bandwidth to brute force the sequence number 
or the likey sequence number space.

In the case of (a) while the research has held up non-predictability in 
many modern stacks we really don't know if the results for a particular 
set of hardware and software are predictable given some additional data 
like platform, OS and initial boot time, other connections to the same 
stack, etc.

TCP Sequence number included in the packet header. This number is
changed for every packet by a prearranged formula, decided on during the
TCP handshake stage.


"Prearranged formula decided on during the TCP handshake?"

Wanna show me where in the TCP spec there's some forumla negotiation?  
AFAIR the spec (RFC793)  handles the progression of ISN+1 and SND.NXT and 
RCV.NXT in the specification not the handshake, what am I missing?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
           Art: http://PaulDRobertson.imagekind.com/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewalls that generate new packets.., (continued)
- - - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 28)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
    - Re: Firewalls that generate new packets.. Tina Bird (Nov 27)
    - Re: Firewalls that generate new packets.. J. Oquendo (Nov 28)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 29)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 29)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 30)
    - Re: Firewalls that generate new packets.. AMuse (Nov 28)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
    - Re: Firewalls that generate new packets.. AMuse (Nov 28)
    - Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 28)
    - Re: Firewalls that generate new packets.. Marcin Antkiewicz (Nov 27)
    - Re: Firewalls that generate new packets.. ArkanoiD (Nov 28)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 28)

(Thread continues...)