[19651] in bugtraq


Not so random TCP initial sequence numbers

daemon@ATHENA.MIT.EDU (Elias Levy)
Wed Mar 14 18:48:45 2001

Message-ID: <20010314143106.B13574@securityfocus.com>
Date: Wed, 14 Mar 2001 14:31:06 -0700
Reply-To: aleph1@SECURITYFOCUS.COM
From: Elias Levy <aleph1@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

CERT has published a vulnerability note regarding the ISN vulnerability
Guardent has supposedly discovered. You can find the note at
http://www.kb.cert.org/vuls/id/498440

It seems the vulnerability lies in the implementation of some TCP/IP
stacks that attempt to randomize TCP's initial sequence numbers - ironically
for the purpose of not generating predictable ISNs, to stop blind IP spoofing
of TCP connections. While the ISNs generated by these implementations appear
random, they apparently are statistically predictable.

Given the high-quality work done in the past by Tim Newsham, the researcher
who found the problem, I would say the vulnerability is real.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
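The post contrasts ISNs that merely look random with ISNs that are actually unpredictable. The following is an added example, not code from the post, from Newsham's or Guardent's analysis, or from any vendor's stack: a constructed "random increment" generator (each ISN is the last one plus a bounded random step, independent of the connection) beside a generator with the RFC 1948 / RFC 6528 shape (a monotonic clock plus a keyed hash of the connection 4-tuple and a secret), and a simple audit metric, the spread in bits of successive ISN deltas, that a defender can run against samples from their own stack. The class and function names, the sample addresses and the secret are all constructed for the example.

```python
"""Added example (not part of the bugtraq post or any vendor's stack): two
simplified ISN generators and a delta-spread metric that distinguishes a
generator whose output merely looks random from one that is unpredictable."""
import hashlib
import hmac
import math
import random

MOD32 = 1 << 32


class RandomIncrementISN:
    """Constructed weak scheme: each new ISN is the previous one plus a random
    step below max_step, whichever connection asked for it. The values look
    random in isolation, but an observer who has seen a few of them knows the
    next one lies within a 16-bit window of the last."""

    def __init__(self, seed=1234, max_step=1 << 16):
        self._rng = random.Random(seed)
        self._max_step = max_step
        self._isn = self._rng.getrandbits(32)

    def next_isn(self, src, dst, sport, dport):
        self._isn = (self._isn + self._rng.randrange(1, self._max_step)) % MOD32
        return self._isn


class KeyedHashISN:
    """RFC 1948 / RFC 6528 shape: ISN = M + F(src, dst, sport, dport, secret).
    M is a slowly increasing clock (modelled here as a counter), F a keyed hash
    truncated to 32 bits. Connections with different 4-tuples get unrelated
    offsets, so ISNs observed on one's own connections say nothing about the
    ISN another connection will receive."""

    def __init__(self, secret, tick=64000):
        self._secret = secret
        self._tick = tick
        self._clock = 0

    def next_isn(self, src, dst, sport, dport):
        self._clock += self._tick  # stand-in for the time elapsed between SYNs
        msg = f"{src}|{dst}|{sport}|{dport}".encode()
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return (self._clock + int.from_bytes(digest[:4], "big")) % MOD32


def delta_spread_bits(isns):
    """Spread of successive ISN deltas (taken mod 2^32), as
    log2(max_delta - min_delta + 1). A value near 32 means past samples do not
    narrow down the next ISN; a small value flags a weak generator. This is a
    constructed audit metric in the spirit of nmap's TCP sequence
    predictability test, not a reimplementation of it."""
    deltas = [(b - a) % MOD32 for a, b in zip(isns, isns[1:])]
    return math.log2(max(deltas) - min(deltas) + 1)


def sample_isns(gen, n, src="198.51.100.7", dst="192.0.2.1", dport=80):
    """Model an auditor opening n connections to their own server from one
    host, varying the source port, and recording each ISN (constructed
    sampling; addresses are documentation ranges)."""
    return [gen.next_isn(src, dst, 40000 + i, dport) for i in range(n)]


if __name__ == "__main__":
    generators = (
        ("random increment", RandomIncrementISN()),
        ("keyed hash", KeyedHashISN(secret=b"constructed-demo-secret")),
    )
    for name, gen in generators:
        bits = delta_spread_bits(sample_isns(gen, 200))
        print(f"{name:17s} delta spread ~ {bits:5.1f} bits")
```

Running the block prints a spread below 16 bits for the random-increment model and close to 32 bits for the keyed-hash model. The interesting part for an audit is that the weak generator would pass a naive "do the ISNs look random?" check: each value by itself is spread over the whole 32-bit space, and only the relationship between consecutive values gives it away, which is the distinction the post draws.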
