Full Disclosure mailing list archives
Re: Core Internet Vulnerable - News at 11:00
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Tue, 20 Apr 2004 23:40:39 +0200 (MET DST)
On Tue, 20 Apr 2004, Michal Zalewski wrote:
> That said, kudos to Watson: it is definitely good to see this problem being finally discussed in broad daylight; I think it would be good to see some kludges intended to mitigate it a bit.
Data injection may be thwarted by TCP timestamps (RFC 1323). Timestamps are 32 bits long and received echoed timestamps must correspond to (recently) sent timestamps. The exact implementation would probably be somewhat tricky but I think it might be able to extend the "effective sequence number" by at least 16 bits.

A spoofed "timestamp-less" SYN or SYN-ACK packet during the initial 3-way handshake might prevent the use of TCP timestamps but an attacker would have to guess full 32 bits of an ISN (or of two ISNs in the SYN-ACK case).

Unfortunately timestamps won't help against spoofed RST packets because existing TCP implementations are supposed not to send them in RST packets.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
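The receive-side check described in the message above, as an added sketch that is not part of the original post or of any real TCP stack. The struct layouts, the function names and the idea of tracking an oldest/newest window of sent TSval values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical per-connection state; all names are assumptions of this sketch. */
struct conn {
    uint32_t rcv_nxt;     /* next sequence number expected from the peer */
    uint32_t rcv_wnd;     /* current receive window size */
    bool     ts_enabled;  /* timestamps were negotiated in the handshake */
    uint32_t ts_oldest;   /* oldest TSval we sent that may still be echoed */
    uint32_t ts_newest;   /* most recent TSval we sent */
};

struct segment {
    uint32_t seq;
    bool     rst;
    bool     has_ts;      /* segment carries the timestamp option */
    uint32_t tsecr;       /* echoed timestamp (TSecr in RFC 1323) */
};

enum verdict { ACCEPT, DROP_SEQ, DROP_TS };

/* Wrap-safe "lo <= x <= hi" for 32-bit counters that roll over. */
static bool in_range(uint32_t x, uint32_t lo, uint32_t hi)
{
    return (uint32_t)(x - lo) <= (uint32_t)(hi - lo);
}

enum verdict check_segment(const struct conn *c, const struct segment *s)
{
    /* Classic check: the sequence number must fall in the receive window. */
    uint32_t span = c->rcv_wnd ? c->rcv_wnd - 1 : 0;
    if (!in_range(s->seq, c->rcv_nxt, c->rcv_nxt + span))
        return DROP_SEQ;
    /* RSTs carry no timestamp option, so only the window check covers them. */
    if (s->rst || !c->ts_enabled)
        return ACCEPT;
    /* Other segments must echo a timestamp we sent recently. */
    if (!s->has_ts || !in_range(s->tsecr, c->ts_oldest, c->ts_newest))
        return DROP_TS;
    return ACCEPT;
}
```

The narrower the `ts_oldest`..`ts_newest` range a receiver is willing to accept, the more bits a blind sender has to guess on top of the sequence window; the RST branch shows why that gain does not extend to resets.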