[32802] in bugtraq
Re: A new TCP/IP blind data injection technique?
daemon@ATHENA.MIT.EDU (Casper Dik)
Thu Dec 11 13:34:51 2003
Message-Id: <200312111717.hBBHHfa04916@sunnl.Holland.Sun.COM>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: Michal Zalewski <lcamtuf@ghettot.org>, bugtraq@securityfocus.com,
full-disclosure@netsys.com
In-Reply-To: <20031210235933.GA32037@hub.freebsd.org>
Date: Thu, 11 Dec 2003 18:17:41 +0100
From: Casper Dik <casper@holland.sun.com>
>On Thu, Dec 11, 2003 at 12:28:28AM +0100, Michal Zalewski wrote:
>
>> 2. Random IP ID numbers, a feature of some systems (OpenBSD?), although also
>> risky (increasing reassembly collission probability), make the attack
>> more difficult.
>
>FreeBSD also has the option of randomizing the IP ID.
Solaris uses a different IP ID sequence for each system it
communicates with; you'll need to be able to see the packets
go by (in which case TCP splicing is child's play).
Casper
