netdev
[Top] [All Lists]

Re: tcp vulnerability? haven't seen anything on it here...

To: Chris Friesen <cfriesen@xxxxxxxxxxxxxxxxxx>
Subject: Re: tcp vulnerability? haven't seen anything on it here...
From: Jörn Engel <joern@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Apr 2004 19:03:40 +0200
Cc: netdev@xxxxxxxxxxx, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>
In-reply-to: <4086A077.2000705@xxxxxxxxxxxxxxxxxx>
References: <40869267.30408@xxxxxxxxxxxxxxxxxx> <Pine.LNX.4.53.0404211153550.1169@chaos> <4086A077.2000705@xxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.3.28i
On Wed, 21 April 2004 12:25:27 -0400, Chris Friesen wrote:
> 
> The impression I got was that some equipment was much more vulnerable 
> due to having a) massive windows, and b) using sequential source ports, 
> making it much easier to guess even if you can't tap the line.

Heise.de made it appear, as if the only news was that with tcp
windows, the propability of guessing the right sequence number is not
1:2^32 but something smaller.  They said that 64k packets would be
enough, so guess what the window will be.

Obvious solution would be to use a small window, which would cost
performance.  Different solution would be to use a different window
size for reset, like, say, 1.  Not sure if that would still be
standard, though.

Jörn

-- 
The cost of changing business rules is much more expensive for software
than for a secretaty.
-- unknown


<Prev in Thread] Current Thread [Next in Thread>