Bugtraq mailing list archives
Re: preventing sequence number guessing
From: dawagner () phoenix Princeton EDU (David A. Wagner)
Date: Wed, 25 Jan 1995 15:47:23 -0500 (EST)
I've only got one novel idea: instead of using tcp_iss directly for the SYN every time a new TCP/IP connection is opened, send MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].

This sounds awfully expensive. One md5 operation for each new passive or active connection.
On an unloaded Sparc LX, I get

~/scratch/md5 $ time ./md5drivr -t
MD5 time trial. Digesting 1000000 8-byte blocks ... done
Digest = 2278bf63bfa354c582138cde1233fd15
Time = 7 seconds
Speed = 1142857 bytes/second
6.776s real 6.680s user 0.090s system 99% ./md5drivr -t

So it takes about 7 u-seconds to MD5 hash a small block on a fairly wimpy Sun. [It's faster on faster boxes, of course.]

Since network roundtrip times are on the order of milliseconds, this won't cause any delay for the guy on the other side of the net.

On the other hand, what about CPU load on the local machine? Hrmmm... if you receive 1500 connections a second *consistently*, you'll have a 1% slowdown with this addition, which would be bad news... Does anyone receive that many new connection requests a second? [I have no intuition for whether 1500 is a large number or a small one here.]

-------------------------------------------------------------------------------
David Wagner dawagner () princeton edu
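
The scheme and the cost estimate discussed in the message above, as an added example that is not part of the original post or of any TCP stack. The per-boot secret, the fixed counter step and all function names are assumptions made for illustration; the post itself only specifies MD5(tcp_iss) or MD5(tcp_iss, time(NULL), ...).

```python
import hashlib
import os
import struct
import time

# Assumption: a per-boot random value mixed into the hash (not in the post).
BOOT_SECRET = os.urandom(16)


def counter_isns(start, step, n):
    """Plain scheme: tcp_iss advanced by a fixed step per connection."""
    return [(start + i * step) & 0xFFFFFFFF for i in range(n)]


def hashed_isn(tcp_iss, now, secret=BOOT_SECRET):
    """ISN taken as the first 32 bits of MD5(tcp_iss || time || secret)."""
    block = struct.pack("!IQ", tcp_iss & 0xFFFFFFFF, int(now)) + secret
    return struct.unpack("!I", hashlib.md5(block).digest()[:4])[0]


def deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) & 0xFFFFFFFF for a, b in zip(isns, isns[1:])]


def cpu_fraction(seconds_per_hash, conns_per_second):
    """Share of one CPU spent hashing at a given connection rate."""
    return seconds_per_hash * conns_per_second


def measure_seconds_per_hash(n=100_000):
    """Time n hashed ISNs on this machine, as the md5drivr run did for MD5."""
    start = time.perf_counter()
    for i in range(n):
        hashed_isn(i, 0)
    return (time.perf_counter() - start) / n


if __name__ == "__main__":
    # Constructed sample values: starting counter 1000, step 64000.
    raw = counter_isns(1000, 64000, 6)
    print("counter deltas:", deltas(raw))  # constant, so the next ISN is guessable
    hashed = [hashed_isn(x, 791066843) for x in raw]
    print("hashed deltas: ", deltas(hashed))  # no usable pattern
    # The post's figures: 7 microseconds per hash, 1500 connections/second.
    print("load from post: %.2f%%" % (100 * cpu_fraction(7e-6, 1500)))
    per_hash = measure_seconds_per_hash()
    print("load measured here: %.4f%%" % (100 * cpu_fraction(per_hash, 1500)))
```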