[470] in cryptography@c2.net mail archive
Re: How bad is this?
daemon@ATHENA.MIT.EDU (Mike Duvos)
Wed Apr 2 14:14:30 1997
From: mpd@netcom.com (Mike Duvos)
To: cryptography@c2.net
Date: Wed, 2 Apr 1997 09:44:37 -0800 (PST)
In-Reply-To: <199704020642.WAA04347@netcom20.netcom.com> from "Mike Duvos" at Apr 1, 97 10:42:28 pm
Mr. Moderator Writes:
> [The problem is sequence number attacks. Using hashes instead of
> conventional time based sequence numbers defends against this. You don't
> want "random" sequence numbers -- you want separate spaces of sequences
> for each socket. See RFC1948 by Steve Bellovin for details. --Perry]
Just read the RFC. It certainly isn't an attack an unsophisticated user
can easily perform. It is cute, though, in that if one can guess the
initial sequence number, one can correctly do TCP without having to see
any of the data coming from the other end.
It seems the real problem here is a lack of authentication, and the fact
that anyone can put any return address on their datagrams. I wouldn't
necessarily blame the initial sequence number algorithm, whose primary
purpose is to prevent stale datagrams from prior instances of a connection
from confusing a current instance, and not to prevent connections from
being deliberately intercepted.
Even with a brilliant hashing strategy for generating initial sequence
numbers, those numbers are transmitted in the clear over possibly
many insecure hops. If the attacker has the ability to sniff anywhere
along that route, he can impersonate a trusted machine regardless of
the method of choosing initial sequence numbers.
It would also seem a clever cryptographic hash would be the last thing
you would want here, since random selection of initial sequence
numbers would tend to negate their original function of protecting
successive incarnations of a connection from each other.
--
Mike Duvos $ PGP 2.6 Public Key available $
mpd@netcom.com $ via Finger. $
