[776] in bugtraq
Re: preventing sequence number guessing
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jan 25 19:17:19 1995
To: newsham@aloha.net (Timothy Newsham)
Cc: dawagner@phoenix.Princeton.EDU (David A. Wagner), bugtraq@fc.net
In-Reply-To: Your message of "Wed, 25 Jan 1995 10:10:25 -1000." <m0rXE2r-000a0oC@hookomo>
Reply-To: perry@imsi.com
Date: Wed, 25 Jan 1995 17:02:43 -0500
From: "Perry E. Metzger" <perry@imsi.com>
Timothy Newsham says:
> > I've only got one novel idea: instead of using tcp_iss directly
> > for the SYN every time a new TCP/IP connection is opened, send
> > MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].
>
> This sounds awfully expensive. One md5 operation for each
> new passive or active connection.
Compared to the draft I just wrote for the MD5 based Authentication
Header for IPv4 which does an MD5 for each packet, this is very
lightweight indeed. :-)
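As an added illustration (not code from this thread or from any BSD stack), here is a counter-style tcp_iss generator beside the hashed variant discussed above. The per-boot secret filled in for the "..." and the `distinct_deltas` check are assumptions of this example; they are not in the original mail.

```python
import hashlib
import os
import struct
import time

MASK32 = 0xFFFFFFFF


class CounterISS:
    """Constructed stand-in for a raw tcp_iss: a counter bumped by a fixed step."""

    def __init__(self, start=0, step=64000):
        self.iss = start
        self.step = step

    def next_iss(self):
        self.iss = (self.iss + self.step) & MASK32
        return self.iss


class HashedISS:
    """MD5(tcp_iss, time, secret) truncated to 32 bits, per the thread's proposal.

    The secret is an assumption of this example: without it, MD5 of a public
    counter is computable by anyone who knows the counter.
    """

    def __init__(self, start=0, step=64000, secret=None, clock=time.time):
        self.iss = start
        self.step = step
        self.secret = secret if secret is not None else os.urandom(16)
        self.clock = clock

    def next_iss(self):
        self.iss = (self.iss + self.step) & MASK32
        msg = struct.pack("!IQ", self.iss, int(self.clock())) + self.secret
        return struct.unpack("!I", hashlib.md5(msg).digest()[:4])[0]


def distinct_deltas(gen, n=8):
    """Set of differences between consecutive ISS values (one value = fully regular)."""
    vals = [gen.next_iss() for _ in range(n)]
    return {(b - a) & MASK32 for a, b in zip(vals, vals[1:])}


if __name__ == "__main__":
    print("counter deltas:", distinct_deltas(CounterISS()))
    print("hashed deltas: ", distinct_deltas(HashedISS()))
```

The check only measures regularity of successive values; it is a sanity test for an ISS generator, not a proof of unpredictability.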