Re: TCP/IP ISN Prediction Susceptibility

[Mike Fedyk <mikef () MATCHMAIL COM>]

On Mon, Mar 12, 2001 at 03:53:34PM -0600, Solar, Eclipse wrote:
> Quoted from http://www.guardent.net/pr2001-03-12-ips.html
>
> > Waltham, MA -- March 12, 2001 -- Guardent, Inc., the leading
> > provider of security and privacy programs for Global 2000
> > organizations, today released new information regarding a
> > significant weakness in many implementations of the
> > Transmission Control Protocol (TCP) that affects a large
> > population of Internet and network-connected devices.
> >
> > Tim Newsham, a senior research scientist at Guardent,
> > discovered a method by which malicious users can close
> > down or "hijack" TCP-based sessions on the Internet or
> > on corporate networks. The research, titled "ISN Prediction
> > Susceptibility", exposes a weakness in the generation of
> > TCP Initial Sequence Numbers, which are used to maintain
> > session information between network devices.
> >
> > Prior to Guardent's discovery, it was believed that TCP
> > sessions were sufficiently protected from attacks by the
> > random generation of initial sequence numbers. It is now
> > known that these numbers are guessable on many platforms,
> > with a high degree of accuracy. The ability to accurately
> > guess sequence numbers, combined with readily available
> > session information, allows for a variety of sophisticated
> > attacks on computer networks.
>
> It seems that Guardent claims that the pseudo-random ISN
> generation algorithm implemented in most TCP/IP stacks
> is flawed. Does anybody have more information about this?
>
> Solar Eclipse

Yep, and how long has this been known??  Years!  He's probably talking about
windows, because it has the largest percentage of packets on the internet.

Mike