Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Firewalls that generate new packets..

From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 29 Nov 2007 23:40:03 -0500 (EST)
On Thu, 29 Nov 2007, Darden, Patrick S. wrote:


You're assuming a blind attack, a very dangerous assumption.  Even with a 
blind attack, you're assuming that (a) the attacker's prediction efforts 
are stymied by hard-to-predict sequence numbers and (b) the attacker 
(or defender) lacking enough bandwidth to brute force the sequence number 
or the likey sequence number space.


I am not assuming a blind attack.  I was positing an example situation
that highlighted the importance of TCP sequence numbers.  Please do not
put words in my mouth.


But the predictability of ISNs are only important in blind attacks- if the 
attacker can sniff the ISNs, then the sequence numbers have no 
value to a connection under attack as far as I can tell.  So if your 
scenario doesn't assume a blind attack what am I missing?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
           Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: