netdev
[Top] [All Lists]

Re: tcp vulnerability? haven't seen anything on it here...

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: Re: tcp vulnerability? haven't seen anything on it here...
From: Giuliano Pochini <pochini@xxxxxxxx>
Date: Thu, 22 Apr 2004 10:23:59 +0200 (CEST)
Cc: linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, cfriesen@xxxxxxxxxxxxxxxxxx, Jörn Engel <joern@xxxxxxxxxxxxxxxxxxxx>
In-reply-to: <20040421132047.026ab7f2.davem@xxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On 21-Apr-2004 David S. Miller wrote:
> On Wed, 21 Apr 2004 19:03:40 +0200
> Jörn Engel <joern@xxxxxxxxxxxxxxxxxxxx> wrote:
> 
>> Heise.de made it appear, as if the only news was that with tcp
>> windows, the propability of guessing the right sequence number is not
>> 1:2^32 but something smaller.  They said that 64k packets would be
>> enough, so guess what the window will be.
>
> Yes, that is their major discovery.  You need to guess the ports
> and source/destination addresses as well, which is why I don't
> consider this such a serious issue personally.

Yes, but it is possible, expecially for long sessions. Also,
data injections is also possible with the same method, because
the receiver accepts everything inside the window, which is
usually 64k. Out of curiosity: in case Linux receives two
packets relative to the same portion of the stream, does it
check if the overlapping data is the same ? It would add extra
security about data injection in case the data has not been
sent to userspace yet.


--
Giuliano.


<Prev in Thread] Current Thread [Next in Thread>