Bugtraq mailing list archives
Not so random TCP initial sequence numbers
From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Wed, 14 Mar 2001 14:31:06 -0700

CERT has published a vulnerability note regarding the ISN vulnerability Guardent has supposedly discovered. You can find the note at http://www.kb.cert.org/vuls/id/498440

It seems the vulnerability lies in the implementation of some TCP/IP stacks that attempt to randomize TCP's initial sequence numbers - ironically for the purpose of not generating predictable ISNs to stop blind IP spoofing of TCP connections. While the ISNs generated by these implementations appear random, they apparently are statistically predictable.

Given the high-quality work done in the past by Tim Newsham, the researcher that found the problem, I would say the vulnerability is real.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum