Date: Thu, 2 Nov 2000 12:03:31 -0800
From: "David O'Brien"
To: stable@freebsd.org, Lauri Laupmaa
Subject: Re: TCP sequence prediction on freebsd
Message-ID: <20001102120331.B13873@dragon.nuxi.com>
Reply-To: obrien@freebsd.org
In-Reply-To: <20001102145539.Z37870@jade.chc-chimes.com>; from billf@chimesnet.com on Thu, Nov 02, 2000 at 02:55:39PM -0500

On Thu, Nov 02, 2000 at 02:55:39PM -0500, Bill Fumerola wrote:
> > > nmap reports something like:
> > > > TCP Sequence Prediction: Class=random positive increments
> > > > Difficulty=85682 (Worthy challenge)
> > >
> > > is this tcp sequence prediction really a security issue ?
> >
> > **YES** Do a search for the Mitnick attack on Tsutomu Shimomura. It was
> > possible because of the ability to predict the TCP sequence numbers.
>
> The question was if "_this_" prediction is really a security issue (ie
> FreeBSD's), not if tcp sequence prediction in general is a security
> issue.

The answer still stands. The difficulty to predict TCP sequence numbers
must be raised as high as we know how to.

The tools Mitnick used took several years to come out in the open (my
research lab has had copies long before then). So just because Joe Blow
doesn't know how to do something, doesn't mean there aren't people out
there that do know how to do it and that aren't. IP spoofing was thought
so technically hard that it wasn't worth bothering to fix the problems
because no one would ever be able to "really do it" (even though 2 papers
by distinguished individuals had been written on the problem). We know
better today.

--
-- David (obrien@FreeBSD.org)
GNU is Not Unix / Linux Is Not UniX