Bugtraq mailing list archives
RE: A new TCP/IP blind data injection technique?
From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Thu, 11 Dec 2003 10:21:32 -0800
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Thursday, December 11, 2003 12:06 PM On Thu, 11 Dec 2003 07:37:02 GMT, Nick Cleaton said:Even if the attacker knows or controls every other byte in the packet and thus controls the checksum before the final 16 bits go in, the final checksum is as unpredictable as those 16 bits.
However, it's a trivial matter to take the original text, the replacement text, and compute an original such that the checksum comes out "the same".
True, but irrelevant to the problem at hand, where the attacker has neither the original checksum nor the original text. Michal's question was whether an attacker who controls - the checksum - part, but not all, of the text can set the checksum so as to have a better than 1/65536 possibility of having it correct. Nick's response was no, if the attacker cannot control as little as 16 bits of the text. As you pointed out yourself, any partial checksum value can be mapped to any final checksum value by adding the final two bytes. -- Michael Wojcik Principal Software Systems Developer, Micro Focus
Current thread:
- Re: A new TCP/IP blind data injection technique?, (continued)
- Re: A new TCP/IP blind data injection technique? Valdis . Kletnieks (Dec 11)
- Re[2]: A new TCP/IP blind data injection technique? Marius Huse Jacobsen (Dec 13)
- Breaking the checksum (a new TCP/IP blind data injection technique) Michal Zalewski (Dec 15)
- Re: A new TCP/IP blind data injection technique? Valdis . Kletnieks (Dec 11)
- Re: A new TCP/IP blind data injection technique? Kris Kennaway (Dec 11)
- Re: A new TCP/IP blind data injection technique? Casper Dik (Dec 11)
- RE: A new TCP/IP blind data injection technique? David Gillett (Dec 11)
- Message not available
- Message not available
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 12)
- Re: A new TCP/IP blind data injection technique? Barney Wolff (Dec 12)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 12)
- Re: A new TCP/IP blind data injection technique? Stephen Frost (Dec 12)
- Message not available
- RE: A new TCP/IP blind data injection technique? Michael Wojcik (Dec 11)
- Re: A new TCP/IP blind data injection technique? stanislav shalunov (Dec 12)