Date: Fri, 4 Sep 1998 16:05:01 -0400 (EDT)
From: "Charles M. Hannum" <mycroft@mit.edu>
To: Jos Backus <Jos.Backus@nl.origin-it.com>
Cc: tcp-impl@cthulu.engr.sgi.com
Subject: Re: Should FreeBSD-3.0 ship with RFC 1644 (T/TCP) turned off by default?
Message-ID: <199809042005.QAA01407@lunacity.ne.mediaone.net>

> Bellovin's RFC instead uses a hash based on everything *except* the
> time-based ISS to rotate the ISS space into a different position for
> each possible pair of addresses and ports. This preserves the correct
> TCP behaviour, while frustrating sequence number attacks by preventing
> rapid testing of possible ISNs -- because an ISS learned from probing
> one pair of addresses and ports is not useful in predicting the ISS
> for another pair, and you can't test a particular pair again until the
> previous SYN has timed out.

It occurs to me that the latter part of this probably isn't true, if
the attacker interleaves SYNs and RSTs. I'm left wondering if any of
these hashes actually provides a security benefit beyond a randomized
increment, except against a completely naive attacker using an old
exploit program.
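
The scheme described in the quoted text (RFC 1948: ISN = M + F(localhost, localport, remotehost, remoteport)), as an added example that is not part of the original message or of any BSD source. The function names, the secret and the sample addresses are constructed for illustration; MD5 is used because RFC 1948 suggests it.

```python
import hashlib
import socket
import struct

MASK32 = 0xFFFFFFFF
# Constructed value for the demo; a real stack would draw this from
# random data at boot and keep it private.
SECRET = b"constructed-demo-secret"


def offset(laddr, lport, raddr, rport, secret=SECRET):
    """F(): keyed hash of the connection 4-tuple, truncated to 32 bits."""
    material = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
                socket.inet_aton(raddr) + struct.pack("!H", rport) + secret)
    return struct.unpack("!I", hashlib.md5(material).digest()[:4])[0]


def timer(now_us):
    """M: the 4-microsecond ISN clock of RFC 793, modulo 2**32."""
    return (now_us // 4) & MASK32


def iss(now_us, laddr, lport, raddr, rport):
    """Initial send sequence number: time-based clock rotated per 4-tuple."""
    return (timer(now_us) + offset(laddr, lport, raddr, rport)) & MASK32


if __name__ == "__main__":
    t = 1_000_000  # constructed timestamp, in microseconds
    a = ("192.0.2.1", 1025, "198.51.100.7", 23)
    b = ("192.0.2.1", 1026, "198.51.100.7", 23)  # same hosts, next port

    # Same 4-tuple: the ISS still advances with the clock, so a new
    # incarnation of the connection starts above the old one.
    print("tuple a, t      :", iss(t, *a))
    print("tuple a, t+4ms  :", iss(t + 4000, *a))

    # Different 4-tuple at the same instant: the sequence space is
    # rotated by an offset that cannot be derived without the secret.
    print("tuple b, t      :", iss(t, *b))
    print("rotation a vs b :", (offset(*a) - offset(*b)) & MASK32)
```
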