Re: Linux blind TCP spoofing, act II + others
David Wagner (daw
CS.BERKELEY.EDU)
Sat, 7 Aug 1999 09:58:10 -0700
- Next message: Narr0w: "Crash FrontPage Remotely..."
- Previous message: Scott Drassinower: "Re: FlowPoint DSL router vulnerability"
- In reply to: Matt: "FlowPoint DSL router vulnerability"
- Next in thread: Salvatore Sanfilippo -antirez-: "Re: Linux blind TCP spoofing, act II + others"
- Reply: Salvatore Sanfilippo -antirez-: "Re: Linux blind TCP spoofing, act II + others"
In article <19990806123911.A1147
speedcom.it>,
Salvatore Sanfilippo -antirez- <antirez
speedcom.it> wrote:
> i think that a consecutive IP id now can be considered
> a weakness in IP stacks. [...] Here is a patch for
> linux 2.0.36 [...] 'Truly random id' [...]
Your patch isn't secure. It uses a weak pseudo-random number
generator to generate id's, and an attacker can just crack the
PRNG to predict what id's will be used in the future.
I think you probably want to use /dev/urandom to generate your
IP id's, to prevent this attack. (Or use a variant of Bellovin's
RFC 1948, adapted to generate IP id's instead of TCP ISN's.)
This archive was generated by hypermail 2.0b3 on Mon Aug 09 1999 - 08:32:11 CDT
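One possible form of the RFC 1948 variant suggested in the reply above, as an added example that is not part of the original message or of any Linux patch: the IP id for each flow is a counter offset by a keyed hash of the flow, with the key drawn from the kernel CSPRNG. The class and function names, the choice of HMAC-SHA256, the per-flow counter table and the documentation-range addresses are assumptions of this example.

```python
import hashlib
import hmac
import os
import socket
import struct


class KeyedIpIdGenerator:
    """IP id = keyed per-flow offset + per-flow packet counter, mod 2**16."""

    def __init__(self, secret=None):
        # Secret comes from the OS CSPRNG (the source behind /dev/urandom)
        # unless a fixed one is supplied for reproducible testing.
        self._secret = secret if secret is not None else os.urandom(32)
        # (src, dst, proto) -> packets sent on that flow so far.
        # A real stack would bound this table; this example does not.
        self._counters = {}

    def _offset(self, flow):
        # F(src, dst, proto, secret): unpredictable without the secret.
        src, dst, proto = flow
        msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!B", proto)
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return struct.unpack("!H", digest[:2])[0]

    def next_id(self, src, dst, proto):
        flow = (src, dst, proto)
        count = self._counters.get(flow, 0)
        self._counters[flow] = count + 1
        # Consecutive within one flow, so ids stay unique for reassembly.
        return (self._offset(flow) + count) & 0xFFFF


def observer_view(gen, observer, other, packets_to_other):
    """Return the ids one peer receives before and after the host
    sends `packets_to_other` packets to a different peer."""
    src = "192.0.2.1"  # constructed sample address
    before = gen.next_id(src, observer, 6)
    for _ in range(packets_to_other):
        gen.next_id(src, other, 6)
    after = gen.next_id(src, observer, 6)
    return before, after
```

With a single global counter the two ids returned by `observer_view` would differ by the number of packets sent to the other peer plus one; here they differ by exactly one, and the starting offset for any other flow cannot be computed without the secret.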