[820] in bugtraq


Re: Chances of guessing?

daemon@ATHENA.MIT.EDU (der Mouse)
Fri Jan 27 17:32:25 1995

Date: Fri, 27 Jan 1995 14:59:42 -0500
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: bicknell@ussenterprise.async.vt.edu
Cc: bugtraq@fc.net

> I've read the procedure for guessing sequence numbers and the like,
> and it seems simple enough, except on any system with a heavy load.
> For instance, take a machine that gets 20 new connections/second on
> average (fairly likely on a machine that's run as a WWW server for
> instance).  Given that most systems increment the sequence counter by
> some amount per new connection, and you can't predict how many new
> connections will occur in a given time interval it seems that this
> hole just got a lot harder to exploit.

A little harder.  If there is, say, an average of 1/10 second between
your initial probe and your attack packet, then all the attacker needs
to do is add in the per-connection value once or twice.  True,
depends on luck...but it doesn't make it hard enough that the program
won't succeed after a half-dozen tries.

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu
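
[Added example, not part of the original message.] The reply's arithmetic can be checked with a small model that shows why background load alone is a weak defence against sequence number prediction. It uses the thread's figures (20 connections/second, a 1/10 second gap, six tries); the Poisson arrival model, the independence of tries, and all function names are assumptions made for this sketch.

```python
from math import exp, lgamma, log


def p_intervening(k, rate_per_s, gap_s):
    """P(exactly k other connections arrive in the gap), Poisson model (assumed)."""
    lam = rate_per_s * gap_s
    if lam == 0:
        return 1.0 if k == 0 else 0.0
    # Work in log space so large k or lam cannot overflow.
    return exp(-lam + k * log(lam) - lgamma(k + 1))


def most_likely_count(rate_per_s, gap_s):
    """Number of per-connection increments most likely to have occurred."""
    lam = rate_per_s * gap_s
    candidates = range(int(3 * lam) + 10)
    return max(candidates, key=lambda k: p_intervening(k, rate_per_s, gap_s))


def p_hit_within(tries, rate_per_s, gap_s):
    """P(at least one of `tries` independent guesses uses the right count)."""
    k = most_likely_count(rate_per_s, gap_s)
    p = p_intervening(k, rate_per_s, gap_s)
    return 1.0 - (1.0 - p) ** tries


def p_once_or_twice(rate_per_s, gap_s):
    """P(the counter moved by exactly one or two per-connection increments)."""
    return sum(p_intervening(k, rate_per_s, gap_s) for k in (1, 2))


if __name__ == "__main__":
    rate, gap = 20.0, 0.1  # figures from the thread
    print("P(1 or 2 intervening connections):", round(p_once_or_twice(rate, gap), 3))
    print("P(single best guess is right):    ",
          round(p_intervening(most_likely_count(rate, gap), rate, gap), 3))
    for n in (1, 3, 6, 12):
        print(f"P(right within {n:2d} tries):", round(p_hit_within(n, rate, gap), 3))
    # Heavier load only spreads the distribution; it does not make the
    # counter unpredictable (constructed load levels for comparison).
    for r in (20.0, 100.0, 500.0):
        print(f"{r:5.0f} conn/s: P(right within 50 tries) =",
              round(p_hit_within(50, r, gap), 3))
```

Under these assumptions a single guess is right about 27% of the time and six tries succeed about 85% of the time, which matches the "half-dozen tries" estimate above.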
