[11320] in bugtraq


Re: Linux blind TCP spoofing, act II + others

daemon@ATHENA.MIT.EDU (David Wagner)
Mon Aug 9 21:43:07 1999

Message-Id:  <7ohoj2$pdo$1@blowfish.isaac.cs.berkeley.edu>
Date:         Sat, 7 Aug 1999 09:58:10 -0700
Reply-To: David Wagner <daw@CS.BERKELEY.EDU>
From: David Wagner <daw@CS.BERKELEY.EDU>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

In article <19990806123911.A1147@speedcom.it>,
Salvatore Sanfilippo -antirez-  <antirez@speedcom.it> wrote:
> 	i think that a consecutive IP id now can be considered
> 	a weakness in IP stacks. [...] Here is a patch for
> 	linux 2.0.36 [...] 'Truly random id' [...]

Your patch isn't secure.  It uses a weak pseudo-random number
generator to generate ids, and an attacker can just crack the
PRNG to predict what ids will be used in the future.

I think you probably want to use /dev/urandom to generate your
IP ids, to prevent this attack.  (Or use a variant of Bellovin's
RFC 1948, adapted to generate IP ids instead of TCP ISNs.)
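The RFC 1948 variant the post points to, carried over from TCP ISNs to IP ids, as an added example; this is not the 2.0.36 patch under discussion and not code from either poster. The scheme is id = counter + F(src, dst, secret): the counter plays the role of RFC 1948's clock M, and F is a keyed function of the address pair that an off-path attacker cannot evaluate without the secret. SipHash-2-4 as F (RFC 1948 used MD5), the 16-bit counter, the address-pair input and the /dev/urandom seeding are my assumptions.

```c
/* RFC 1948-style IP ID generation: id = counter + F(src, dst, secret).
 * Added illustration only; F is SipHash-2-4 here, RFC 1948 used MD5. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROTL(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))
#define SIPROUND                                                  \
    do {                                                          \
        v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
        v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2;                    \
        v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0;                    \
        v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); \
    } while (0)

static uint64_t le64(const uint8_t *p)            /* little-endian load */
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* SipHash-2-4 (Aumasson/Bernstein), 64-bit output, keyed PRF. */
static uint64_t siphash24(const uint8_t key[16], const uint8_t *in, size_t len)
{
    uint64_t k0 = le64(key), k1 = le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
    uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
    uint64_t v3 = 0x7465646279746573ULL ^ k1;
    uint64_t b = (uint64_t)len << 56;             /* length byte in the final block */
    size_t i = 0;

    for (; i + 8 <= len; i += 8) {
        uint64_t m = le64(in + i);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (size_t j = 0; i + j < len; j++)          /* tail bytes, if any */
        b |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

struct ipid_state {
    uint8_t  secret[16];   /* per-boot secret; a weak seed collapses the scheme */
    uint16_t counter;      /* the role RFC 1948 gives its clock M */
};

/* Seed the secret from /dev/urandom, as the post suggests. 0 on success. */
static int ipid_init_urandom(struct ipid_state *st)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(st->secret, 1, sizeof st->secret, f);
    fclose(f);
    st->counter = 0;
    return n == sizeof st->secret ? 0 : -1;
}

/* F(src, dst, secret): fixed per address pair, unpredictable without the secret. */
static uint16_t ipid_offset(const struct ipid_state *st, uint32_t src, uint32_t dst)
{
    uint8_t msg[8];
    for (int i = 0; i < 4; i++) {
        msg[i]     = (uint8_t)(src >> (8 * i));
        msg[4 + i] = (uint8_t)(dst >> (8 * i));
    }
    return (uint16_t)siphash24(st->secret, msg, sizeof msg);
}

/* Next IP ID for a datagram from src to dst; uint16_t wraps like the header field. */
static uint16_t ipid_next(struct ipid_state *st, uint32_t src, uint32_t dst)
{
    uint16_t id = (uint16_t)(st->counter + ipid_offset(st, src, dst));
    st->counter++;
    return id;
}

/* Reference vector: key 00..0f, empty message -> 0x726fdb47dd0e0e31. */
static int siphash_selftest(void)
{
    uint8_t key[16];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
    return siphash24(key, key, 0) == 0x726fdb47dd0e0e31ULL;
}

/* Ids for one address pair advance by exactly one per datagram (also across
 * the 16-bit wrap), so reassembly keeps its non-collision property; the first
 * id of a fresh state is just the pair's offset. Constructed key and addresses. */
static int ipid_selftest(void)
{
    static const uint8_t key[16] = { 0xde,0xad,0xbe,0xef, 1,2,3,4, 5,6,7,8, 9,10,11,12 };
    struct ipid_state st = { {0}, 0 };
    memcpy(st.secret, key, sizeof key);
    uint32_t me = 0x0a000001, peer = 0xc0a80101;
    uint16_t off = ipid_offset(&st, me, peer);
    if (ipid_next(&st, me, peer) != off) return 0;
    if ((uint16_t)(ipid_next(&st, me, peer) - off) != 1) return 0;
    st.counter = 0xffff;                              /* force the wrap */
    uint16_t a = ipid_next(&st, me, peer), b = ipid_next(&st, me, peer);
    return (uint16_t)(b - a) == 1 && st.counter == 1;
}

int main(void)
{
    struct ipid_state st;
    if (ipid_init_urandom(&st) != 0) { perror("/dev/urandom"); return 1; }
    uint32_t me = 0x0a000001, p1 = 0xc0a80101, p2 = 0x08080808;
    for (int i = 0; i < 3; i++) {
        uint16_t x = ipid_next(&st, me, p1), y = ipid_next(&st, me, p2);
        printf("to p1: %5u   to p2: %5u\n", x, y);
    }
    return 0;
}
```

The offset hides where the counter stands, so an attacker who watches ids on a flow to their own host cannot read off the id a packet to some other destination will carry. What this direct adaptation still leaks is the counter's rate: the increments seen on the attacker's own flow count every datagram the host sends, which is the observation behind idle scanning. If that matters, give each address pair (or hash bucket of pairs) its own counter rather than one shared one. The secret must be seeded from real entropy before the first packet; seeding it from a weak PRNG reproduces exactly the problem the post describes.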
