Slashdot Mirror
TCP/IP Sequence Number Analysis
johnwbyrd writes "Upon connection via TCP/IP to a host, the host generates an Initial Sequence Number (ISN). It's important to design ISN generation sequences so remote attackers can't predict an ISN (this is called a "blind spoofing" attack). Using phase space analysis you can check the quality of ISNs generated on various OSes. Windows 98's graph is quite pretty."
http://216.239.39.100/search?q=cache:sJUlrsbgsJ4C: razor.bindview.com/publish/papers/tcpseq.html+&hl= en&ie=UTF-8&e=619
Let's see. Mitnick used this what, 8 years ago now? That's how he got into that guy's login session that was pre-existing between the two machines, or something to that effect.
Plus, various folks were using this on big IRC networks after that, but still many years ago.
That "emmanuel-" in #2600 that says he gave the subscription list to the FBI and ran over Walter was a spoof. So was billg in #windows95. That's just the tip of the iceberg.
Everything old is new again.
Here is the correct Google cache:
: razor.bindview.com/publish/papers/tcpseq/print.htm l
http://216.239.51.100/search?q=cache:pIKhdPlNqPYC
Pictures are bettererer.
r azor.bindview.com/publish/papers/tcpseq.html
http://web.archive.org/web/20020124085843/http://
Comment removed based on user account deletion
Ok, I've mirrored the HTML and most of the images(still downloading) HERE. Please only download this to mirror it! My bandwidth is limited!
Yeah, the bozos that created page put the entire report, with some 40-50 embedded images on one page. So everyone that hits the things tries to pull down many megs if image files all at once.
:)
To summarized the report. Unpatched versions of NT4 and Windows 95/98SE are the most vunerable to spoofing attacks because of predictable patterns, or attractors, in the sequence produced by the random number generator used for ISNs. Linux,OpenBSD and FreeBSD scored near the top, though the report says there is room for improvement. Windows 2000, MacOSX, IRIX and BSDI were in the middle of the pack. HPUX and AIX were just as bad as windows 98.
So we have out prototypical 'windows less secure than linux' submission and the slashdotters are happy
-josh
I wonder how it came to be that you didn't publish the only meaningful indications of Microsoft's security? Oh, I know. It's because they are about 1/6th as bad as the outdated versions you impartially decided to cite.
http://web.archive.org/web/20010605064202/http://r azor.bindview.com/publish/papers/tcpseq/funct.jpg / r azor.bindview.com/publish/papers/tcpseq/mix.jpg
h ttp://web.archive.org/web/20010605045958/http://r azor.bindview.com/publish/papers/tcpseq/mix2.jpg
http://web.archive.org/web/20010605035655/http://r azor.bindview.com/publish/papers/tcpseq/linux.jpg / r azor.bindview.com/publish/papers/tcpseq/win2k.jpg / r azor.bindview.com/publish/papers/tcpseq/winnt.jpg / r azor.bindview.com/publish/papers/tcpseq/win95.jpg / r azor.bindview.com/publish/papers/tcpseq/win98.jpg / r azor.bindview.com/publish/papers/tcpseq/cisco2.jpg / /r azor.bindview.com/publish/papers/tcpseq/cisco.jpg / r azor.bindview.com/publish/papers/tcpseq/aix.jpg
h ttp://web.archive.org/web/20010605063344/http://r azor.bindview.com/publish/papers/tcpseq/freebsd.jp g: //r azor.bindview.com/publish/papers/tcpseq/openbsd.jp g: //r azor.bindview.com/publish/papers/tcpseq/obsdnew.jp g: //r azor.bindview.com/publish/papers/tcpseq/hpux11.jpg / /r azor.bindview.com/publish/papers/tcpseq/sol7.jpg
http://web.archive.org/web/20010605062854/http://r azor.bindview.com/publish/papers/tcpseq/sol8.jpg
http://web.archive.org/web/20010605055059/http://r azor.bindview.com/publish/papers/tcpseq/sol2.jpg
http://web.archive.org/web/20010605060640/http://r azor.bindview.com/publish/papers/tcpseq/sol2ip.jpg / /r azor.bindview.com/publish/papers/tcpseq/bsdi.jpg
http://web.archive.org/web/20010605070105/http://r azor.bindview.com/publish/papers/tcpseq/irix.jpg
http://web.archive.org/web/20010605042650/http://r azor.bindview.com/publish/papers/tcpseq/macos1.jpg / /r azor.bindview.com/publish/papers/tcpseq/macos.jpg / r azor.bindview.com/publish/papers/tcpseq/dnslibc.jp g: //r azor.bindview.com/publish/papers/tcpseq/dnswin.jpg / /r azor.bindview.com/publish/papers/tcpseq/dnssol.jpg / /r azor.bindview.com/publish/papers/tcpseq/comp.jpg
http://web.archive.org/web/20010605053816/http://r azor.bindview.com/publish/papers/tcpseq/random.jpg / /r azor.bindview.com/publish/papers/tcpseq/data.jpg
http://web.archive.org/web/20010605044549/http://r azor.bindview.com/publish/papers/tcpseq/mix.jpg
h ttp://web.archive.org/web/20010824145421/http://r azor.bindview.com/publish/papers/tcpseq/linc.jpg
http://web.archive.org/web/20010605064500/http://r azor.bindview.com/publish/papers/tcpseq/ttime.jpg
http://web.archive.org/web/20010605044549/http:/
http://web.archive.org/web/20010605064823/http:/
http://web.archive.org/web/20010605040907/http:/
http://web.archive.org/web/20010605070134/http:/
http://web.archive.org/web/20010824220456/http:/
http://web.archive.org/web/20010605051434/http:/
http://web.archive.org/web/20010828165152/http:
http://web.archive.org/web/20010604211355/http:/
http://web.archive.org/web/20010605052241/http
http://web.archive.org/web/20010605050747/http
http://web.archive.org/web/20010605064736/http
http://web.archive.org/web/20010605061712/http:
http://web.archive.org/web/20010605044904/http:
http://web.archive.org/web/20010605041254/http:
http://web.archive.org/web/20010605054335/http:/
http://web.archive.org/web/20010605061755/http
http://web.archive.org/web/20010605060741/http:
http://web.archive.org/web/20010605051819/http:
http://web.archive.org/web/20010605053140/http:
Remove the spaces, copy-and-paste. We don't want to take the Internet Archive down, as well.
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
Yeah.
Only a use of this attack is to get around IP filters, or to hide the origin of a communication.
And you can't receive data.
So attack is feasible.. but not that useful.
Read the FAQ ...
Switch back to Slashdot's D1 system.
More than that, this is a good reason why having only one major OS cannot be secure. If you can write an extremely good sequence number predictor for Windows 2000 sessions and get yourself a few nice deer stands on the periphery of the backbone (or heck, in the backbone - I'm not sure how feasible that is), you can 0wn the majority of corporations you're interested in attacking.
Personally, I think Bush's Department of Homeland Defense is going to be a complete crock if nothing is done about this and other computer security issues. I can't figure out if none of Dubya's advisors understand computers or if they are so full of it as to actually think, for whatever reason, that nobody would ever attack the US electronically. I have a feeling it's the latter being caused by the former, though. . .
Which would provide somewhat random ISNs. What we are seeing here is the fact that compuers today are faster than they where twenty years ago, and thus better random (or psuedo-random) ISN generators are needed. Still it's nice to see vendors getting called out on bad implementations.
"In my values, freedom is more important than 'serving users' in a mere practical sense." -- RMS
echo r00t::0:0:0wned:/root:/bin/bash fits in one packet.
Food for thought.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
And also, I happened notice how you specifically failed to mention the reasonable improvements made in recent versions of Windows - specifically how its around ~10% attack feasability compared to 100% with older versions.
well, to be honest, it's not the most uptodate thing in the world. the freebsd tested was 4.2. and there have been significant improvements in tcp sequencing since then (being as we're at 4.6 now) and there is even a kernel compilation flag for random sequences.
so it's probably a year out of date, don't feel so singled out
dave
This report was published over a year ago, examining vulnerabilities that have been well-understood for >6 years. How is this news?
It might be useful if it was up to date, however as it stands most of the OSes listed there have had non-trivial revisions and new releases since then: WinXP isn't mentioned; Linux testing is limited to some version of 2.2, with no mention of 2.4; it refers to OpenBSD 2.9 coming out "soon" (3.1 is now available); OS X has had many major improvements since its first release; etc.
I'll be the first to admit that some of that articale was a little beyond me at this time. However, for anyone running a server, it would seem that OpenBSD still is the best choice for anything on the 'net. OpenBSD had the best TCP/IP random number generation (recently re-written). It has also been developed with security in mind. After about 4 years of linux experience it took me an hour to get an openbsd machine running, natting, and pf'ing. It was really that simple - as long as you have the experience. Want httpd installed? "make install" in the ports directory.
What really suprised me in this article is that some of the commercial unices were so poor in their implementation. Solaris was only secured after tweaking, Mac OS X, while not 100% attackable, still wasn't much better. Same for IRIX and AIX. I didn't notice version numbers however, does anyone know if the state has changed for newer version of IRIX? It was also disappointing the the 2.2 series kernel was used - have things changed in 2.4? If not, is there work being done in 2.5/6 ?
And if anyone has ANY insight as to why Window98 is much worse than windows95 I'd love to hear it.
S.t.e.v.e.
All the pictures are included in this pdf mirror: http://www.mirrors.wiretapped.net/security/info/pa pers/networking/strange-attractors-and-tcpip-seque nce-number-analysis.pdf [1MB].
It doesn't display correctly with my version of KDE's PS/PDF Viewer, but good old ghostview works great.
HIV Crosses Species Barrier... into Muppets
Mirror: http://ralph.cx/tcpseq/
Im missing 3 images... for now...
Cybie! aka Ralph Bonnell
1. Sensationalism
"OMG Someone can guess the ISN number, We are all on our way to destruction"
2. Geekiness
"Wtf is an ISN number"
3. M$ Bashing (Note the $ $ign it means I dissaprove of Microsofts Money Grubbing Ways (TM) [OMG another funny!!])
You mean, like this improvement?
Seriously, the post was entitled "for those wondering how insecure Microsoft is", not "for those wondering how Microsoft stacks up against other systems" which, as you point out, would indicate that consumer OSes are pathetic, while 'professional' OSes like NT and 2000 are making modest improvements, and that while the *BSDs are pretty good, and GNU/Linux quite good, there are plenty of older UNIX implimentations that were quite poor, and even pathetic, as well, not to mention CISCO, which makes up much of the internet backbone.
But, since Microsoft is conducting a wholesale attack on our very freedom of choice through it Palladium and DRM efforts, pointing out additional, purely technical reasons for moving away from Microsoft to *BSD and GNU/Linux alternatives and thereby protecting your security as well as your freedom isn't such an ignoble thing to be doing at all.
The Future of Human Evolution: Autonomy
There are two reasons why Slashdot doesen't cache liked pages:
1) I could very well be illegal without obtaing permission from a human. This would take too much time away from CmdrTaco adding spelling errors to my posts.
2) It would costs money in bandwidth costs. VA Software coporate officers love to roll naked in freshly minted $1 bills, and this would take away from their stash. Then only, one officer could roll at a time. Not a happy thing.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
You have to remove the spaces that slashdot puts in because some genious months ago figured out this thing called a "page-widening post." About the most annoying thing I've ever seen, really.
SIG: HUP
the reason you had a relatively easy time with the mac is not because of it's security. it 's because of it's relative obscurity. people don't find it worthwhile to hack a mac, don't know how, and don't care to... etc. Things might change now that the hacking methods are a little closer than they used to be (now 30 years of unix hacking knowledge may be applied) however, MacOS classic wasn't even included in teh final score (the little rainbow graphic) for some reason, however they do state in the text that MacOS X scored a little higher than it. Take that as you will.
and even though they put in the spaces, there are still page widening posts. ever browse at -1?
Look, I browsed through the article, but not enough to quibble over the mathematical definition of attractors. I don't know enough about attractors to quibble even if I did.
But I am a statistician, and about the "vague pseudomathematical babble":
Sometimes, when you're presenting stuff to nonspecialists, you need to be a little more vague and pseudomathematical for people to understand. Sometimes it's more important for 100% of the people to get a 80% valid understanding of something than 20% to get a 100% valid understanding. I think it's more accurate in this regard to describe many vague mathematical generalizations as "quasimathematical".
Just being a little vague is ok or even necessary sometimes. The problem with always using "well-agreed mathematical definitions" is that not everybody understands them. There are, however, some who might understand the gist of the argument, and sometimes it's more important to get that across.
Maybe you're of the opinion that we shouldn't explain math to people who don't understand every bit of it known to mankind. I don't believe, though, that people who try to make math a bit more accessible should be "hit hard". On the contrary--they should be encouraged. People pursue things, after all, because they're interested in it, and often, we're interested in the things that are novel to us.
Again, I don't really know enough about it. Maybe this guy was completely incorrect. But quasimathematical babble isn't always bad.
No. You are completely and totally wrong. The only hard part is predicting the initial sequence number. For each successive packet, the only problem is guessing how much data was sent so that you can ack it and not end up closing the window. In practice, this is easy, as the amount of data that was sent should be predictable within a narrow range, and it is safe to send multiple guesses.
Actually this is a case of "You Get What You Don't Pay For" -
HPUX, Windows and AIX are all expensive and suck.
Linux, OpenBSD, FreeBSD are all free and work wonderfully.
So in this case, your level of protection is determined by your inteligence and not by the amount of money you sepend.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Obviously this is not the case, or Google and other businesses that are caching web sites would be out of business by now. Caching web proxies would not be so common, instead we have never heard of a legal attack against a caching web proxy. This excuse is without merit.
The FAQ also gives this as a reason:
But this is such an easily solved problem, this must also be a dishonest excuse. Even updating the cache once per minute would not unduly load the victim sites. Using standard proxy software like Squid would completely solve this problem.
Surely in the 2 years since this question has been answered, CmdrTaco has had time to work on the solution to this. This is his full time job. Not much effort is being spent on the development of the software that runs the site, and certainly with the number of editors and how sloppily it is done, this can not be taking more than an hour per day per editor, if that. There is no original content, it is all submitted. As a LNUX shareholder, I wonder what these guys really do all day.
Is it just me, or do these pictures look just like the X-ray defraction of a crystal? I suppose it goes to show the symmetry in the universe.
The dogcow says "Moof!"
I guess the end run around any preceived problems on CmdrTaco's part would be to just provide links to Google's cache.
A certainly agree with you..
Considering that there are several full-time people working (and being paid) on Slashdot, I find it rather odd that that hasen't been a solution forthcoming to this common problem.
It could be a case of burn-out, but I suspect general lazyness.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
This is not true. Your location on the network does not matter if you are worried about sequence number prediction. If you are positioned so that you can see the traffic both ways, you do not need to predict sequence numbers. And, all but the most insecure networks are vulnerable to attacks from the internet solely based on a spoofed IP address. No major US corporation is going to have a hole like that these days - they at least realize that securing the outside of the firewall is important. If there were such a hole, the intelligence necessary to find out about its existance and the address to use would take about the same effort to obtain as other more practical ways into the network.
Everybody realized to be afraid of IP-address based authentication after the widely publicized IP spoofing attacks.
Personally, I think Bush's Department of Homeland Defense is going to be a complete crock if nothing is done about this and other computer security issues.
The US government actively attacks computer securitiy. This is a problem that can be totally solved with strong encryption. Who is the biggest opponent in the world to ubiquitous strong encryption?
I wonder how it came to be that you didn't publish the only meaningful indications of Microsoft's security? Oh, I know. It's because they are about 1/6th as bad as the outdated versions you impartially decided to cite.
That may be, but probably isn't, true.
If you read the article carefully you'll notice that the versions of *BSD and the Linux kernel (2.2.x) are also outdated. This isn't some neferious plot to diss Microsoft (hell, that isn't all that hard to do with cold, hard, factual data in the first place, so there is no need for anyone to cook the data, least of all this study), it is a result of the fact that research and study take time.
I'm sure if the author had looked at Linux 2.4.x and current versions of the BSDs the results would have been significantly better (Mac OS X as well, being a BSD derivative).
As for whether or not the various Windows versions would have been better, that is an assumption we really cannot make. Not for any prejudicial reasons, but because historically they generally haven't always improved, and indeed on at least one occasion (95->98) got considerably worse. We can hope that the security of Windows 2k has improved since then, but there is no real historical precendence to support that hope, in contrast with most other competitors products including the BSDs and Linux products cited here.
The comparison was fair: it was a snapshot of the state of the art taken a couple of years ago, then studied and analized in detail over those past two years. This is how every study that bases itself on factual research works, as opposed to corporate marketing drivel purchased to look like research, as has come from the Microsoft camp on numerous occasions in the last couple of years, and has in every case been thoroughly, and utterly obliterated in public rebuttal.
The Future of Human Evolution: Autonomy
Why not start looking for a better job instead of bitching and whinning on slashdot all day.
Try finding, especially in this depressed economy, an IT job that does not require you to use Microsoft software at least sometimes. I would estimate that this describes less than one tenth of one percent of jobs. It is virtually impossible to avoid. Switching jobs is not a solution to this problem.
Predictable ISNs are only a problem against a machine which has been configured to allow another machine privileges based solely on that second's machine IP address. Then pedictable ISNs allow a third machine to 'spoof' it's address, claiming to be the seond machine by using it's IP address, even though the third machine can't see the responses from the first machine, because the third machine doesn't have the IP address it's claiming.
If you don't configure this 'trust' relationship based on IP address alone, this is not an issue.
Example: SSH allows one machine to trust another, but requires that the trusted machine be at the right IP addresss AND posess the correct private key or keys - so no issue.
Any one who, in this time, configures a machine to trust another, based solely on the IP address in the frames received, is crazy. It's a very unwise practice.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
The thing I don't understand is... why do people continue to compare nowadays linux (or IRIX, Solaris, *BSD) etc... to things like Win98, which is _over 4 years_ old by now
The data that was studied for the last two or three years was collected prior to the study commencing, i.e. at least two or three years ago. If you'd bothered to read the paper, you would have noticed that the versions of *BSD and Linux being compared are equally as old (kernel 2.2.x of Linux, for example).
When you conduct a scientific study (not to be confused with the marketing drivel often sold as science and frequently purchased by the likes of Microsoft, and just as frequently disgraced and utterly rebutted a few days later by the scientific community) you collect the data, then you analize the data and draw conclusions from that data. All of that takes time, so any rigorous study conducted is going to be working with data collected at some time in the past.
[opinion]
I'm sure a study will come out showing the appalling weaknesses of Windows XP, but such a study will likely be reviled by Microsoft enthusiasts because, by the time the rigorous work is done, there will be some newer, even more invasive and buggy release of Windows out. That will not, however, make the study any less valid or accurate, any more than it would the study conducted here.
[/opinion]
The Future of Human Evolution: Autonomy
Well, I agree to a large extent. But ISN attacks are not really all that common (though from a DoD perspective, they REALLY need to be prevented).
Of course, in general, SSL should prevent these sorts of attacks because the incoming payload would be expected to be encrypted and so it would be non-trivial to input packets into the stream and have them do anything other than DoS. Still a problem but not as much as other issues.
Again, I see this as an issue where competent attackers may be heavily targetting a given system, but it is unlikely to be used by the casual crowd. So the Win 95 and 98 crowd should be relatively safe, while the DoD NEEDS additional protection. Corporate infrastructures are in the middle, and it is probably a good idea to protect them against this sort of attack.
However, it is also a pretty serious refutation of "open source is insecure."
LedgerSMB: Open source Accounting/ERP
Predictable ISNs are only a problem against a machine which has been configured to allow another machine privileges based solely on that second's machine IP address.
Are you willing to bet that this is the *only* kind of attack possible using sequence number prediction? Someone with a sick imagination may find other novel and destructive uses for it.
In fact, I can already think of some...
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
"OpenBSD had the best TCP/IP random number generation (recently re-written)."
Didn't you question anything when they said 2.2.1x, or OpenBSD 2.8 was "recent"? No? OpenBSD 3.1 is the most recently released one. They've had this for quite a few releases now (didn't you also notice that OpenSSH's default root problem affected OpenBSD 2.9-3.1?). They also had *no* data for Linux 2.4, or Windows XP.
Don't believe me? Scroll down to the bottom of the page where it mentions it was last updated in April 2001.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
why do people continue to compare nowadays linux (or IRIX, Solaris, *BSD) etc... to things like Win98, which is _over 4 years_ old by now
Maybe because lots of people are still using Win98 - for economic reasons, because of a need to support old software needed to access critical data, or because considering microsoft's track record so far we tend to assume that in a few years it will be discovered that XP has even worse holes... Or people just don't like WPA, and assume that it's a future revenue enhancement tool - in a few years when MS has a replacement for XP on the market, their site for XP WPA might suddenly have all sorts of problems until people start giving up and buying a new OS when their systems crash and have to be reloaded.
I agree, comparing Win98 to server OS's like BSD isn't fair - there should be two separate comparisons, desktop to desktop and server to server. I gather that in server software, Win2K isn't bad in comparison to other commercial server products, but the OSS products (Linux and BSD) are far better. So Microsoft's bellyaching about OSS being insecure is proven wrong. (And if Linux has improved that much in the last 4 years, it's another indication that when security becomes important, open source can improve much faster than closed.)
As for comparing desktop to desktop, it's hard to arrange a comparison that everyone would agree is fair. First off, you don't exactly have competing desktop OS's - you have MS which writes desktop OS's and tries to upgrade them to run servers later, and you've got everything else (since Mac OS 9), which are *nix server OS's downgraded to run a desktop. It's something for MS to whine about when they lose. Anyhow, MS's latest desktop (XP Home) might have acquired a good sequence randomizer to plug this one hole, but the default installation apparently opens up a lot of others. I wonder how many other utterly brain-dead decisions like allowing Plug-n-Play to work across the network are not yet revealed...
Comment removed based on user account deletion
The advertisement in your signature points to www.coronahost.com, which claims to be running Microsoft IIS. So I am sure you will agree that while the theoretical discussion is interesting, in the real world there are forces that you simply can not control. The only thing that can be done is to helplessly complain.
He was not talking about telnet. He was clearly talking about rsh, as that is a protocol that uses the source IP address for authentication and allows a command to be run. Telnet does not authenticate based on source IP address.
, and if you try to spoof ssh you will have to spoof the crypto as well, which is not feasible (unless it's SSLv1).
This is irrelevant, as he was demonstrating the fact that any obstacles to carrying on a long spoofed connection in no way lessen the risks.
Your response, while containing some minimal level of technical accuracy, is a complete non sequitur.
Well..
that's why you don't run any services that depend on the IP layer for authentication.
Comment removed based on user account deletion
Before everyone goes off about security.
TCP was not designed to be secure. It was designed to ensure data is put back in the proper order at the remote end, and to be able to adjust it's transmission to deal with congestion.
Yes, there is a security issue.... but any security breach through ip spoofing is really a fault of the higher layer application/protocol and NOT of the ability for a tcp session to be spoofed.
The paper talks about a n-dimensional space, but only looks at the 3-dimensional case. It is totaly possible that the picture looks different at other dimensions (even at two), and spoofing works better when you use that as a basis. Which of course doesn't make the others more secure should they have better results at other dimensions - the worst case is still the worst case.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
if you're interested in random ISN's I'd suggest you try the grsecurity patch from grsecurity.
:
it has loads of other interesting functions and the random ISN generator seems to work fine, here's a nmap scan result
TCP Sequence Prediction: Class=random positive increments
Difficulty=4184073 (Good luck!)
TCP ISN Seq. Numbers: BA77562B B9B190FD BA8C8609 BA3DFEB2 BA92DBDB B9BA515C
IPID Sequence Generation: Randomized
That may be, but I'm the proud owner of a brain, and my brain can out-think your card any day.
Care to fill us in?
I'm not usually a paranoid "MS wants to rule the world type" but this is a little too convenient a coincidence to ignore.
That is the most interesting thing i have seen on Slashdot for a long time.
I gots ta ding a ding dang my dang a long ling long
Personally, I think Bush's Department of Homeland Defense is going to be a complete crock if nothing is done about this and other computer security issues.
What are you talking about? It's already a complete crock anyway, and is well on its way to becoming two complete crocks.
Absolutely. It seems that's the only reliable way of doing it anyway. If two nodes behind the firewall both open connections to a web server with the same ISN, whats the firewall to do? Actually, since it's the firewall that opens the connections on the behalf of the nodes behind it, surely code reuse dictates the packet headers have OpenBSD ISNs. Finally, the FAQ on the Netcraft Survey talks about this to explain why some webservers are "Microsoft IIS" running on Linux; what it's really seeing is the ISN characteristics of a linux firewall or load balancer in front of the webserver.
:-D
So I think you're safe
Black holes are where the Matrix raised SIGFPE
Even if you're presenting stuff to specialists, you need to be a little more vague and pseudomathematical for people to understand.
The problem with always using "well-agreed mathematical definitions" is that not everybody understands them.
And not everybody agrees as to exactly what those "well-agreed" mathematical definitions should be. They do tend to get pretty well sorted out over time, but it does take time and effort.
Continuity is usually defined in terms of epsilons and deltas, valid enough in metric spaces, but the concept itself is valid for non-metrizable spaces which do not have distance functions. Is point-set topology a prerequisite for freshman calculus?
Is measure theory a prerequisite for statistics? Ever wanted to work with both discrete and continuous statistics at the same time?
If you look at the date on the web page, it's April 2001. Linux 2.2.x was just fine back then :-)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Funny I agree,
This is propellor head stuff, but it is not overly technical.
This guy is basically plotting pseudo random number sequences so that a human could look for patterns. Computers can not be trusted to find patterns in all circumstances, whereas a visual pattern can easily stand out to human eyes. Of course, there would be patterns that a human could not detect that would require a computer to find (witness MP3). The question is, how do you plot 32bit numbers which pretty much represent 1 dimensional data of very wide proportions between low and high values?
Break the 32bit numbers up into smaller parts to be viewed as points in 3D space!
I have been interested in LFSR (Linear Feedback Shift Register) PRNG's for a few years, starting out designing them in hardware and then finding out through reading Bruce Schneiers "Applied Cryptography", that I was actually onto something.
I wanted to view my streams broken up into 2D dots as postscript to find patterns that showed weak (and thus the possibly strong) LFSR designs in the hope that I may find some high quality designs that have astronomical stream lengths before repetition.
Though I wonder if 2D would be as good as 3D for finding patterns. It seems being able to rotate the sampled data in real time would be better for finding a pattern that can be missed with a single 2D picture. Or is this the authors way to simply represent very high resolution numbers on relatively low resolution screens?
I have also been thinking of plotting streams to 2D images which I would then blur to greyscale to search for patches of light and dark to show low quality designs and save designs that show the best uniform shade of grey as possible candidates to be considered strong and thus used in designs that make up multiple hashed LFSR designs that provide stream lengths greater than the bit depth of the output itself.
It's not technical if you are really into it. ; )
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Yeah.. but again, you can't see the response. Same boat as spoofing the connection in the first place.
yes, there are situations where you can do something nasty with it.. but they are rather specific ones, and rely on using unsecure protocols anyway.
TCP was not designed to be secure. It was designed to get packets reassembled in order, and to be able to dynamically change it's transmission properties to deal with congestion.