Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: "Darden, Patrick S." <darden () armc org>
Date: Thu, 29 Nov 2007 08:52:59 -0500
Paul D. Robertson
The list is still moderated, and the moderator approves some stuff immediately, mulls over others, discards some and rejects others. Since the list has always been moderated I'm not sure why folks aren't remembering this...
Paul, you told me this off the list, plus a lot more. And I agreed to abide by your rules. My message was not a reprimand, it was an explanation of why one of my messages appeared a bit retarded. My message was not meant to be implied criticism. As I told you privately, I understand that you are the moderator and I understand why you filtered my messages to the list, even if I do not think you were right. I also acknowledge the need for a moderator as everyone thinks they are right and their messages are perfect. And some of them need to be pulled for sure.
You're assuming a blind attack, a very dangerous assumption. Even with a blind attack, you're assuming that (a) the attacker's prediction efforts are stymied by hard-to-predict sequence numbers and (b) the attacker (or defender) lacking enough bandwidth to brute force the sequence number or the likely sequence number space.
I am not assuming a blind attack. I was positing an example situation that highlighted the importance of TCP sequence numbers. Please do not put words in my mouth.
"Prearranged formula decided on during the TCP handshake?"
Wanna show me where in the TCP spec there's some formula negotiation? AFAIR the spec (RFC793) handles the progression of ISN+1 and SND.NXT and RCV.NXT in the specification not the handshake, what am I missing?
Not my words. However, I think you understand things very well: random number--random number+1; then rinse and repeat isn't it? Wikipedia has a very vague reference to it as: "If the SYN flag is present then this is the initial sequence number and the first data byte is the sequence number plus 1." I don't have my reference books handy, unfortunately. But that is how I remember it....
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
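The RFC 793 bookkeeping the exchange above refers to (ISN+1, SND.NXT, RCV.NXT and the receive-window check on incoming segments), as an added example that is not part of the original post or thread. Function and field names are hypothetical, and only an exactly in-order segment advances RCV.NXT here, which is a simplification.

```python
# Added illustration of RFC 793 sequence-number handling; names are hypothetical.
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


def seq_add(seq, n):
    """Add n to a sequence number with 32-bit wraparound."""
    return (seq + n) % MOD


def in_window(rcv_nxt, rcv_wnd, seq):
    """True if RCV.NXT =< seq < RCV.NXT+RCV.WND, computed modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def acceptable(rcv_nxt, rcv_wnd, seg_seq, seg_len):
    """Segment acceptability test from RFC 793, section 3.3 (four cases)."""
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt
        return in_window(rcv_nxt, rcv_wnd, seg_seq)
    if rcv_wnd == 0:
        return False  # data is never acceptable into a zero window
    last = seq_add(seg_seq, seg_len - 1)
    # Accept if either the first or the last byte falls inside the window.
    return in_window(rcv_nxt, rcv_wnd, seg_seq) or in_window(rcv_nxt, rcv_wnd, last)


def handshake(client_isn, server_isn, window):
    """State of both ends after SYN, SYN-ACK, ACK."""
    # The SYN occupies one sequence number, so the first data byte is ISN+1.
    client = {"snd_nxt": seq_add(client_isn, 1),
              "rcv_nxt": seq_add(server_isn, 1), "rcv_wnd": window}
    server = {"snd_nxt": seq_add(server_isn, 1),
              "rcv_nxt": seq_add(client_isn, 1), "rcv_wnd": window}
    return client, server


def send(sender, nbytes):
    """Emit nbytes of data: returns (SEG.SEQ, SEG.LEN) and advances SND.NXT."""
    seg_seq = sender["snd_nxt"]
    sender["snd_nxt"] = seq_add(seg_seq, nbytes)
    return seg_seq, nbytes


def deliver(receiver, seg_seq, seg_len):
    """Receiver side: drop segments outside the window, else accept."""
    if not acceptable(receiver["rcv_nxt"], receiver["rcv_wnd"], seg_seq, seg_len):
        return False
    if seg_seq == receiver["rcv_nxt"]:  # simplification: in-order data only
        receiver["rcv_nxt"] = seq_add(seg_seq, seg_len)
    return True
```

The increment rules are fixed by the specification; the handshake only exchanges each side's ISN, and a segment is processed only if its sequence number lands in the receiver's current window.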