Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 28 Nov 2007 17:17:58 -0500 (EST)
On Wed, 28 Nov 2007, Darden, Patrick S. wrote:
Hey Darren, A few of my emails didn't make it to the list. The below missive doesn't make much sense since it references "all the reasons I have outlined before".
The list is still moderated, and the moderator approves some stuff immediately, mulls over others, discards some and rejects others. Since the list has always been moderated I'm not sure why folks aren't remembering this...
Here is most relevant missing email: It depends on the MITM exploit. If you just want to monitor a stream of traffic, then you are correct. If, however, you want to hijack the conversation it can be more difficult:
You're assuming a blind attack, a very dangerous assumption. Even with a blind attack, you're assuming that (a) the attacker's prediction efforts are stymied by hard-to-predict sequence numbers and (b) the attacker (or defender) lacking enough bandwidth to brute force the sequence number or the likey sequence number space. In the case of (a) while the research has held up non-predictability in many modern stacks we really don't know if the results for a particular set of hardware and software are predictable given some additional data like platform, OS and initial boot time, other connections to the same stack, etc.
TCP Sequence number included in the packet header. This number is changed for every packet by a prearranged formula, decided on during the TCP handshake stage.
"Prearranged formula decided on during the TCP handshake?" Wanna show me where in the TCP spec there's some forumla negotiation? AFAIR the spec (RFC793) handles the progression of ISN+1 and SND.NXT and RCV.NXT in the specification not the handshake, what am I missing? Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." http://www.fluiditgroup.com/blog/pdr/ Art: http://PaulDRobertson.imagekind.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewalls that generate new packets.., (continued)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 28)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
- Re: Firewalls that generate new packets.. Tina Bird (Nov 27)
- Re: Firewalls that generate new packets.. J. Oquendo (Nov 28)
- Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
- Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 29)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 29)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 30)
- Re: Firewalls that generate new packets.. AMuse (Nov 28)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
- Re: Firewalls that generate new packets.. AMuse (Nov 28)
- Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 28)
- Re: Firewalls that generate new packets.. Marcin Antkiewicz (Nov 27)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 28)
- Re: Firewalls that generate new packets.. Darren Reed (Nov 28)