Bugtraq mailing list archives

Not so random TCP initial sequence numbers


From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Wed, 14 Mar 2001 14:31:06 -0700

CERT has published a vulnerability note regarding the ISN vulnerability
Guardent has supposedly discovered. You can find the note at
http://www.kb.cert.org/vuls/id/498440

It seems the vulnerability lies in the implementation of some TCP/IP
stacks that attempt to randomize TCP's initial sequence numbers - ironically
for the purpose of not generating predictable ISNs to stop blind IP spoofing
of TCP connections. While the ISNs generated by these implementations appear
random, they apparently are statistically predictable.

Given the high-quality work done in the past by Tim Newsham, the researcher
that found the problem, I would say the vulnerability is real.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
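The post's point is that an ISN stream can look random value by value and still be predictable once an attacker samples a few and models the generator. The following is an added illustration, not code from Levy's post, the CERT note, or Newsham's analysis, and the weak generator it models (a stepped counter with a small random offset) is an assumption chosen for the example rather than the specific weakness reported. It compares that constructed generator against uniform 32-bit ISNs and measures how often a blind spoofer who extrapolates from the observed deltas lands within a guessable window of the real next ISN.

```python
import random
import statistics

MODULUS = 1 << 32


def jittered_counter_isns(n, seed=1, step=64000, jitter=4096):
    """Constructed weak ISN generator (an assumption for this example, not any
    real stack): a 32-bit counter stepped by a fixed amount per connection plus
    a small random offset. Individual values look random; the deltas do not."""
    rng = random.Random(seed)
    counter = rng.getrandbits(32)
    out = []
    for _ in range(n):
        counter = (counter + step) % MODULUS
        out.append((counter + rng.randrange(jitter)) % MODULUS)
    return out


def uniform_isns(n, seed=1):
    """Reference generator: 32-bit ISNs drawn uniformly at random, which is
    what a randomizing stack intends to produce."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def mod_distance(a, b, modulus=MODULUS):
    """Shortest distance between two sequence numbers on the 32-bit circle."""
    d = (a - b) % modulus
    return min(d, modulus - d)


def predict_next(history):
    """Attacker's model: estimate the per-connection step as the median of the
    observed deltas (the median is robust to the jitter) and extrapolate from
    the most recent ISN. Returns the predicted centre of the next ISN."""
    deltas = [(history[i] - history[i - 1]) % MODULUS
              for i in range(1, len(history))]
    step = int(statistics.median(deltas))
    return (history[-1] + step) % MODULUS


def spoof_hit_rate(isns, window, warmup=8):
    """Fraction of connections whose true ISN lies within `window` of the
    prediction made from all earlier samples, i.e. the fraction a blind
    spoofer could cover by sending at most 2*window+1 guessed ACK values."""
    hits = trials = 0
    for i in range(warmup, len(isns)):
        guess = predict_next(isns[:i])
        trials += 1
        if mod_distance(isns[i], guess) <= window:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    n, window = 500, 8192
    weak = spoof_hit_rate(jittered_counter_isns(n), window)
    strong = spoof_hit_rate(uniform_isns(n), window)
    print(f"jittered counter: {weak:.3f} of ISNs within {window} of prediction")
    print(f"uniform random  : {strong:.3f} of ISNs within {window} of prediction")
```

With the constructed generator the step estimate is within one jitter width of the true step and the offset is bounded by another, so every prediction lands inside a window of 8192 and the spoofer needs on the order of 16k forged packets per attempt, far fewer than the 2^32 a uniform generator forces. The same delta-based check is a quick first test to run against any stack whose ISNs merely "look random"; passing it does not prove unpredictability, but failing it settles the question.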

