
[lwip-users] Re: [lwip] TCP sequence number attacks


From: John C. Toman
Subject: [lwip-users] Re: [lwip] TCP sequence number attacks
Date: Wed, 08 Jan 2003 22:59:40 -0000

An analysis of TCP ISN algorithms in use today is at:

http://razor.bindview.com/publish/papers/tcpseq.html

The main focus of the analysis is vulnerability to spoofing. The paper
does not necessarily advocate RFC1948-based hashing as the answer, but
the RFC-1948-based algorithms (Linux and OpenBSD) fared well. It also
contains analysis of DNS sequence numbers, which in general are (gulp!)
even more vulnerable.

John

Adam Dunkels wrote:

>On Fri, 2002-08-16 at 22:56, Paul Sheer wrote:
>
>>>The right way to solve it isn't just to do iss = random(), though. I
>>
>>it is with PaulOS, because PaulOS random() is secure
>
>The problem isn't with the randomness, but with the probability for
>hitting "old" sequence numbers that have been used recently. Here is
>what RFC1948 says:
>
>   The choice of initial sequence numbers for a connection is not
>   random.  Rather, it must be chosen so as to minimize the probability
>   of old stale packets being accepted by new incarnations of the same
>   connection [6, Appendix A].  Furthermore, implementations of TCP
>   derived from 4.2BSD contain special code to deal with such
>   reincarnations when the server end of the original connection is
>   still in TIMEWAIT state [7, pp. 945].  Accordingly, simple
>   randomization, as suggested in [8], will not work well.
>
>/adam




[This message was sent through the lwip discussion list.]
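
The RFC 1948 scheme this thread refers to, ISN = M + F(localhost, localport, remotehost, remoteport), as an added example that is not part of the original messages and is not lwIP code. It shows that for one 4-tuple the ISN still advances with the 4 microsecond clock M (so a new incarnation does not land on recently used sequence numbers), while the per-tuple offset depends on a secret key. Assumptions: the names `tuple_hash`, `rfc1948_isn` and `demo_key` and the sample addresses are constructed for illustration, and SipHash-2-4 stands in as the keyed hash F where RFC 1948 suggests MD5.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 over the 12-byte little-endian tuple laddr|raddr|lport|rport. */
static uint64_t tuple_hash(const uint64_t key[2], uint32_t laddr, uint32_t raddr,
                           uint16_t lport, uint16_t rport)
{
    uint64_t v0 = key[0] ^ 0x736f6d6570736575ULL;
    uint64_t v1 = key[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = key[0] ^ 0x6c7967656e657261ULL;
    uint64_t v3 = key[1] ^ 0x7465646279746573ULL;
    uint64_t m[2] = { (uint64_t)laddr | ((uint64_t)raddr << 32),
                      (uint64_t)lport | ((uint64_t)rport << 16) | (12ULL << 56) };
    for (int i = 0; i < 2; i++) {   /* m[1] is the final block: 4 bytes + length */
        v3 ^= m[i]; SIPROUND; SIPROUND; v0 ^= m[i];
    }
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* RFC 1948: ISN = M + F(tuple, secret). M is the RFC 793 clock (one tick per
 * 4 us); unsigned 32-bit addition wraps, as sequence-number arithmetic does. */
uint32_t rfc1948_isn(const uint64_t key[2], uint64_t now_us,
                     uint32_t laddr, uint16_t lport, uint32_t raddr, uint16_t rport)
{
    return (uint32_t)(now_us / 4) + (uint32_t)tuple_hash(key, laddr, raddr, lport, rport);
}

/* Constructed sample secret; a real stack would draw it from a CSPRNG at boot. */
static const uint64_t demo_key[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };

int main(void)
{
    /* Constructed addresses: local 192.0.2.1:80, remote 198.51.100.7. */
    uint32_t l = 0xC0000201u, r = 0xC6336407u;
    printf("t=1s rport 40000: %u\n", (unsigned)rfc1948_isn(demo_key, 1000000, l, 80, r, 40000));
    printf("t=2s rport 40000: %u\n", (unsigned)rfc1948_isn(demo_key, 2000000, l, 80, r, 40000));
    printf("t=1s rport 40001: %u\n", (unsigned)rfc1948_isn(demo_key, 1000000, l, 80, r, 40001));
    return 0;
}
```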



