Vulnerability Development mailing list archives

Re: TCP/IP ISN Prediction Susceptibility


From: "Solar, Eclipse" <solareclipse () PHREEDOM ORG>
Date: Tue, 13 Mar 2001 14:35:43 -0600

On Tue, Mar 13, 2001 at 09:55:01AM -0800, Crist Clark wrote:
> > It seems that Guardent claims that the pseudo-random ISN
> > generation algorithm implemented in most TCP/IP stacks
> > is flawed. Does anybody have more information about this?
>
> Maybe this has something to do with it or vice-versa,
>
>   http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

I still don't see the news here. Nmap sequence prediction
has been around for ages. It seems odd that Cisco (Guardent?)
has just recently discovered this.

This is what nmap reports for a bunch of Cisco switches,
with different versions of IOS.

Cisco 6500:

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=1124 (Medium)

Cisco 5000:

TCP Sequence Prediction: Class=64K rule
                         Difficulty=1 (Trivial joke)

Cisco 3000:

TCP Sequence Prediction: Class=trivial time dependency
                         Difficulty=3 (Trivial joke)

Cisco 7200:

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=789 (Medium)

Cisco 4000:

TCP Sequence Prediction: Class=64K rule
                         Difficulty=1 (Trivial joke)


Solar Eclipse
solareclipse () phreedom org
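
As an added illustration, not part of the original post and not nmap's code: a simplified classifier showing how the sequence-prediction classes in the output above can be told apart from a few sampled ISNs when auditing a device. The function name, the 5% rate threshold, the "constant" and "no monotonic pattern" labels and all sample values are assumptions made for this example.

```python
# Added example: simplified classifier for sampled TCP initial sequence numbers.
# The rules and the 5% threshold are assumptions, not nmap's implementation.
from statistics import mean, pstdev

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


def classify_isns(samples):
    """samples: list of (time_ms, isn) pairs from successive SYN/ACKs of one host."""
    if len(samples) < 3:
        raise ValueError("need at least 3 samples")
    pairs = list(zip(samples, samples[1:]))
    # Differences are taken modulo 2^32 so a wrapped counter still looks monotonic.
    diffs = [(b[1] - a[1]) % MOD for a, b in pairs]
    gaps = [b[0] - a[0] for a, b in pairs]
    if any(g <= 0 for g in gaps):
        raise ValueError("timestamps must be strictly increasing")
    if all(d == 0 for d in diffs):
        return "constant"
    if all(d % 64000 == 0 for d in diffs):
        return "64K rule"
    # A backward step appears as a modular difference in the upper half of the range.
    if any(d >= MOD // 2 for d in diffs):
        return "no monotonic pattern"
    # Increment per millisecond; a near-constant rate means the ISN is a clock.
    rates = [d / g for d, g in zip(diffs, gaps)]
    if pstdev(rates) <= 0.05 * mean(rates):
        return "trivial time dependency"
    return "random positive increments"


# Constructed sample data (not captured from any device).
SAMPLES = {
    "fixed-step": [(0, 1000), (100, 65000), (200, 193000), (300, 257000)],
    "clock": [(t, (4294960000 + 250 * t) % MOD) for t in (0, 100, 250, 400, 500)],
    "jittered": [(0, 5000), (100, 36337), (200, 126548), (300, 130957), (400, 207960)],
    "unordered": [(0, 3000000000), (100, 120000), (200, 2900000000), (300, 77)],
}

if __name__ == "__main__":
    for name, samples in SAMPLES.items():
        print(f"{name:10s} -> {classify_isns(samples)}")
```

The "clock" sample deliberately crosses the 2^32 boundary, so it only classifies correctly because the differences are taken modulo 2^32.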

