[773] in bugtraq
Re: preventing sequence number guessing
daemon@ATHENA.MIT.EDU (Timothy Newsham)
Wed Jan 25 17:37:07 1995
From: newsham@aloha.net (Timothy Newsham)
To: dawagner@phoenix.Princeton.EDU (David A. Wagner)
Date: Wed, 25 Jan 1995 10:10:25 -1000 (HST)
Cc: bugtraq@fc.net
In-Reply-To: <9501250440.AA02761@tucson.Princeton.EDU> from "David A. Wagner" at Jan 24, 95 11:40:37 pm
> I've only got one novel idea: instead of using tcp_iss directly
> for the SYN every time a new TCP/IP connection is opened, send
> MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].
This sounds awfully expensive. One MD5 operation for each
new passive or active connection.
> MD5 to predict sequence numbers. MD5 is quite fast (is it fast
> enough?) and is completely exportable. Code for MD5 is available
This is a good question. How many connections do you expect per
second (both incoming and outgoing)? How much of a load will
this place on the rest of the machine?
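As an added illustration of the scheme being debated above (this is example code written for this page, not code from either poster or from any BSD stack), the block below puts the plain counter-based tcp_iss next to the proposed MD5(tcp_iss, time(NULL), ...) variant and times the hash so the "how much load per connection" question can be answered for a given machine. Two things are assumptions of the example rather than anything the thread states: a per-host random secret is used to fill the "..." slot (without it, anyone who can guess tcp_iss and the clock can recompute the hash), and the 64000 increment stands in for whatever the counter-based stack actually uses.

```python
"""Counter-based ISS versus MD5-hashed ISS, with a per-call cost estimate.

Added example for the thread above; not code from the original posts.
"""
import hashlib
import os
import struct
import time

# Assumed fixed increment for the plain counter scheme. The exact value does
# not matter for the point: once one ISS is observed, the next is predictable.
ISS_INCREMENT = 64000


def counter_iss(tcp_iss):
    """Next ISS a counter-based stack would hand out (predictable)."""
    return (tcp_iss + ISS_INCREMENT) & 0xFFFFFFFF


def hashed_iss(tcp_iss, now, secret):
    """MD5(tcp_iss, time, secret) truncated to a 32-bit sequence number.

    `secret` fills the "..." slot in the proposal; it is this example's
    assumption, chosen at boot so the hash cannot be recomputed remotely.
    """
    material = struct.pack("!II", tcp_iss & 0xFFFFFFFF, int(now) & 0xFFFFFFFF)
    digest = hashlib.md5(material + secret).digest()
    return struct.unpack("!I", digest[:4])[0]


def new_state(secret=None):
    """Per-host state: the counter the stack already keeps plus the secret."""
    return {"tcp_iss": 0, "secret": secret if secret is not None else os.urandom(16)}


def next_iss(state, now, hashed=True):
    """Advance the counter as the stack would, then pick one of the two schemes."""
    state["tcp_iss"] = counter_iss(state["tcp_iss"])
    if not hashed:
        return state["tcp_iss"]
    return hashed_iss(state["tcp_iss"], now, state["secret"])


def cost_per_iss(n=100000):
    """Seconds spent per hashed ISS on this machine (1.0 / result = ISS per second)."""
    secret = os.urandom(16)
    start = time.perf_counter()
    for i in range(n):
        hashed_iss(i, 0, secret)
    return (time.perf_counter() - start) / n


if __name__ == "__main__":
    st = new_state()
    t = time.time()
    plain = [next_iss(dict(st), t, hashed=False) for _ in range(3)]
    st = new_state()
    mixed = [next_iss(st, t) for _ in range(3)]
    print("counter ISS sequence (deltas are constant):", plain)
    print("hashed  ISS sequence (same counter, opaque):", mixed)
    per = cost_per_iss()
    print("%.2f microseconds per hashed ISS, about %d per second" % (per * 1e6, 1.0 / per))
```

The three consecutive counter values differ by exactly ISS_INCREMENT, which is the guessing attack in one line; the three hashed values come from the same counter but give an observer nothing to add 64000 to. The timing loop is the number to plug into the per-second connection rate asked about above: on anything modern it is microseconds per call, but on a 1995-era host it is worth measuring rather than assuming.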