Vulnerability Development mailing list archives
Re: TCP/IP ISN Prediction Susceptibility
From: Mike Sues <msues () cinnabar ca>
Date: Tue, 13 Mar 2001 09:52:52 -0800
Both, - the ability to hijack or muck with sessions if sequence numbers can be predicted and, - the generation of weak ISN's by OS's (e.g. Windows NT) have been known for some time. What is new here ? Mike Sues Senior Network Security Analyst Cinnabar Networks Inc http://www.cinnabar.ca ph :613.720.4842 fax:613.236.2506
-----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Solar, Eclipse Sent: Monday, March 12, 2001 1:54 PM To: VULN-DEV () SECURITYFOCUS COM Subject: TCP/IP ISN Prediction Susceptibility Quoted from http://www.guardent.net/pr2001-03-12-ips.htmlWaltham, MA -- March 12, 2001 -- Guardent, Inc., the leading provider of security and privacy programs for Global 2000 organizations, today released new information regarding a significant weakness in many implementations of the Transmission Control Protocol (TCP) that affects a large population of Internet and network-connected devices. Tim Newsham, a senior research scientist at Guardent, discovered a method by which malicious users can close down or "hijack" TCP-based sessions on the Internet or on corporate networks. The research, titled "ISN Prediction Susceptibility", exposes a weakness in the generation of TCP Initial Sequence Numbers, which are used to maintain session information between network devices. Prior to Guardent's discovery, it was believed that TCP sessions were sufficiently protected from attacks by the random generation of initial sequence numbers. It is now known that these numbers are guessable on many platforms, with a high degree of accuracy. The ability to accurately guess sequence numbers, combined with readily available session information, allows for a variety of sophisticated attacks on computer networks.It seems that Guardent claims that the pseudo-random ISN generation algorithm implemented in most TCP/IP stacks is flawed. Does anybody have more information about this? Solar Eclipse
Current thread:
- TCP/IP ISN Prediction Susceptibility Solar, Eclipse (Mar 12)
- Re: TCP/IP ISN Prediction Susceptibility Crist Clark (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Solar, Eclipse (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Holger van Koll (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Elias Levy (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Olaf Kirch (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Lincoln Yeoh (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Elias Levy (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Crist Clark (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Mike Sues (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Dom De Vitto (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Vitaly Osipov (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Lincoln Yeoh (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Mike Fedyk (Mar 14)
- <Possible follow-ups>
- Re: TCP/IP ISN Prediction Susceptibility Eric D. Williams (Mar 13)