Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 2 Nov 2000 12:03:31 -0800
From:      "David O'Brien" <obrien@freebsd.org>
To:        stable@freebsd.org, Lauri Laupmaa <mauri@aripaev.ee>
Subject:   Re: TCP sequence prediction on freebsd
Message-ID:  <20001102120331.B13873@dragon.nuxi.com>
In-Reply-To: <20001102145539.Z37870@jade.chc-chimes.com>; from billf@chimesnet.com on Thu, Nov 02, 2000 at 02:55:39PM -0500
References:  <8E67E032AD23D4118F740050042F21F76F@lant.mbp.ee> <20001102113247.A13873@dragon.nuxi.com> <20001102145539.Z37870@jade.chc-chimes.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Nov 02, 2000 at 02:55:39PM -0500, Bill Fumerola wrote:
> > > nmap reports something like:
> > > > TCP Sequence Prediction: Class=random positive increments
> > > >                          Difficulty=85682 (Worthy challenge)
> > > 
> > > is this tcp sequence prediction really an security issue ?
> > 
> > **YES**  Do a search for the Mitnick attack on Tsutomu Shimomura.  It was
> > possible because of the ability to predict the TCP sequence numbers.
> 
> The question was if "_this_" prediction is really a securit issue (ie
> FreeBSD's), not if tcp sequence prediction in general is a security
> issue.

The answer still stands.  The difficulty to predict TCP sequence numbers
must be raised as high as we know how to.  The tools Mitnick used took
several years to come out in the open (my research lab has had copies
long before then).  So just because Job Blow doesn't know how to do
something, doesn't mean there aren't people out there that do know how to
do it and that aren't.  IP spoofing was thought so technically hard that
it wasn't worth bothering to fix the problems because no would would ever
be able to "really do it" (even though 2 papers by distintished
individuals had been writen on the problem).  We know better today.
 
-- 
-- David  (obrien@FreeBSD.org)
          GNU is Not Unix / Linux Is Not UniX


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001102120331.B13873>