Slashdot Mirror

← Back to Stories (view on slashdot.org)

TCP/IP Sequence Number Analysis

Posted by michael on from the you-don't-have-to-be-a-kreskin-to-predict-this dept.

johnwbyrd writes "Upon connection via TCP/IP to a host, the host generates an Initial Sequence Number (ISN). It's important to design ISN generation sequences so remote attackers can't predict an ISN (this is called a "blind spoofing" attack). Using phase space analysis you can check the quality of ISNs generated on various OSes. Windows 98's graph is quite pretty."

2 of 215 comments (clear)

  1. Re:Already Slashdotted.... by joshv · · Score: 5, Informative

    Yeah, the bozos that created page put the entire report, with some 40-50 embedded images on one page. So everyone that hits the things tries to pull down many megs if image files all at once.

    To summarized the report. Unpatched versions of NT4 and Windows 95/98SE are the most vunerable to spoofing attacks because of predictable patterns, or attractors, in the sequence produced by the random number generator used for ISNs. Linux,OpenBSD and FreeBSD scored near the top, though the report says there is room for improvement. Windows 2000, MacOSX, IRIX and BSDI were in the middle of the pack. HPUX and AIX were just as bad as windows 98.

    So we have out prototypical 'windows less secure than linux' submission and the slashdotters are happy :)

    -josh

  2. Also available, cache of the pdf by morcheeba · · Score: 5, Informative

    All the pictures are included in this pdf mirror: http://www.mirrors.wiretapped.net/security/info/pa pers/networking/strange-attractors-and-tcpip-seque nce-number-analysis.pdf [1MB].

    It doesn't display correctly with my version of KDE's PS/PDF Viewer, but good old ghostview works great.

    --
    HIV Crosses Species Barrier... into Muppets