Vulnerability Development mailing list archives

Re: TCP/IP ISN Prediction Susceptibility

From: Holger van Koll <holger () VANKOLL DE>
Date: Tue, 13 Mar 2001 21:29:18 +0100

"Solar, Eclipse" wrote:


Quoted from http://www.guardent.net/pr2001-03-12-ips.html


...

I´d like to quote something else:

"For example, utilizing a common Internet or corporate
network connection, an attacker exploiting this weakness could perform
operations such as:

Session hijacking, where a user's connection to a computer system is
taken over by an attacker, who then can operate under the authorized
user's identity in applications to which that user has access (such as
financial applications, Internet infrastructure management, etc.) "


Could somebody explain how session hijacking is related to ISN-guessing?
"session" means it is already established. ISN are done.

If I am able to sniff the session, I dont need ISN-guessing.
I can insert pakets based on the sniffed SN.

If I can´t (and therefor ISN-guessing would be helpful) it is IMHO of no
use
for already established sessions.

Can somebody shed some light on this?

Regards, Holger

Current thread:

TCP/IP ISN Prediction Susceptibility Solar, Eclipse (Mar 12)
- Re: TCP/IP ISN Prediction Susceptibility Crist Clark (Mar 13)
  - Re: TCP/IP ISN Prediction Susceptibility Solar, Eclipse (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Holger van Koll (Mar 13)
  - Re: TCP/IP ISN Prediction Susceptibility Elias Levy (Mar 14)
    - Re: TCP/IP ISN Prediction Susceptibility Olaf Kirch (Mar 14)
    - Re: TCP/IP ISN Prediction Susceptibility Lincoln Yeoh (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Mike Sues (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Dom De Vitto (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Vitaly Osipov (Mar 13)
  - Re: TCP/IP ISN Prediction Susceptibility Lincoln Yeoh (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Mike Fedyk (Mar 14)
- <Possible follow-ups>
- Re: TCP/IP ISN Prediction Susceptibility Eric D. Williams (Mar 13)