Vulnerability Development mailing list archives
Re: TCP Sequence Prediction
From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Wed, 29 Mar 2000 21:04:38 -0800
* Dean Michael Dorman <Dean () PUTNAMCOMPANY COM> [000329 20:11]:
Pardon me if this is a trivial question but after nmapping several servers I find that NT boxen usually come up with: TCP Sequence Prediction: Class=trivial time dependency Difficulty=6 (Trivial joke) I was wondering how to increase the security here (besides removing NT and installing OpenBSD).
(This is a guess, so if someone would correct me if I am wrong, I would very much appreciate it. :) I think the best way to make the tcp sequence more difficult to predict is just that -- use another machine to generate the sequences. Rather than replace all your NT boxen with OpenBSD you could instead place a proxy between your NT boxen and your internet link; one that would rewrite the sequences for you. You could either use application proxies for individual services (such as http) or you could use a NAT box, which (again, guessing ;) re-writes the tcp sequence numbers. If you need to protect the services from an internal session hijacking threat as well as external, then you could hang each NT box on the other side of a dedicated NAT box. I think with this method you could get the cryptographically random sequence numbers of OpenBSD while your users shouldn't notice any differences in how they use the services. HTH -- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help
Current thread:
- Re: spoofing the ethernet address (license managers) Michael Wojcik (Mar 27)
- Re: spoofing the ethernet address (license managers) Forrest W. Christian (Mar 27)
- Re: spoofing the ethernet address (license managers) Eric Sherrill (Mar 29)
- Re: spoofing the ethernet address (license managers) Forrest W. Christian (Mar 29)
- Re: spoofing the ethernet address (license managers) Eric Sherrill (Mar 29)
- Explorer crashes when it sees this .lnk file Parity Error (Mar 28)
- Re: Explorer crashes when it sees this .lnk file Vladimir Dubrovin (Mar 29)
- Re: Explorer crashes when it sees this .lnk file Mike Furr (Mar 29)
- TCP Sequence Prediction Dean Michael Dorman (Mar 29)
- Re: TCP Sequence Prediction H D Moore (Mar 29)
- Re: TCP Sequence Prediction Seth R Arnold (Mar 29)
- Re: TCP Sequence Prediction Vladimir Dubrovin (Mar 30)
- Re: TCP Sequence Prediction Maxime Rousseau (Mar 30)
- Re: TCP Sequence Prediction Paul Taylor (Mar 30)
- Re: Explorer crashes when it sees this .lnk file AnorEXia (Mar 30)
- Re: Explorer crashes when it sees this .lnk file Vladimir Dubrovin (Mar 30)
- Re: Explorer crashes when it sees this .lnk file AnorEXia (Mar 31)
- Exposures in MQ and CORBA Adam.Levine () BANKOFAMERICA COM (Mar 31)
- Re: spoofing the ethernet address (license managers) Forrest W. Christian (Mar 27)
- <Possible follow-ups>
- Re: spoofing the ethernet address (license managers) Michael Wojcik (Mar 29)