Vulnerability Development mailing list archives
Re: TCP/IP ISN Prediction Susceptibility
From: Vitaly Osipov <vosipov () WOLFEGROUP COM>
Date: Tue, 13 Mar 2001 10:08:25 -0000
without any further information it looks like reinventing the wheel - e.g. it is well known that Win NT sequence numbers are easily predictable... Or just have a look at "nmap -O" output - it gives you a degree of predictability of those numbers. So only if they have discovered some really serious flaw in an algorithm of FreeBSD for example (which is considered "truly random" by nmap :) )....

otherwise it's the same type of media hoax as a recent "report" about Russian hackers taking over US ecommerce sites (which in fact is just a restatement of some year old and half-year old Microsoft IIS exploits ;) )

regards,
W.

----- Original Message -----
From: "Solar, Eclipse" <solareclipse () PHREEDOM ORG>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, March 12, 2001 9:53 PM
Subject: [VULN-DEV] TCP/IP ISN Prediction Susceptibility
Quoted from http://www.guardent.net/pr2001-03-12-ips.html

Waltham, MA -- March 12, 2001 -- Guardent, Inc., the leading provider of security and privacy programs for Global 2000 organizations, today released new information regarding a significant weakness in many implementations of the Transmission Control Protocol (TCP) that affects a large population of Internet and network-connected devices.

Tim Newsham, a senior research scientist at Guardent, discovered a method by which malicious users can close down or "hijack" TCP-based sessions on the Internet or on corporate networks. The research, titled "ISN Prediction Susceptibility", exposes a weakness in the generation of TCP Initial Sequence Numbers, which are used to maintain session information between network devices.

Prior to Guardent's discovery, it was believed that TCP sessions were sufficiently protected from attacks by the random generation of initial sequence numbers. It is now known that these numbers are guessable on many platforms, with a high degree of accuracy. The ability to accurately guess sequence numbers, combined with readily available session information, allows for a variety of sophisticated attacks on computer networks.

It seems that Guardent claims that the pseudo-random ISN generation algorithm implemented in most TCP/IP stacks is flawed. Does anybody have more information about this?

Solar Eclipse