Bugtraq mailing list archives

Re: preventing sequence number guessing

From: perry () imsi com (Perry E. Metzger)
Date: Wed, 25 Jan 1995 17:02:43 -0500


Timothy Newsham says:

I've only got one novel idea: instead of using tcp_iss directly
for the SYN everytime a new TCP/IP connection is opened, send
MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].


This sounds awefully expensive.  One md5 operation for each
new passive or active connection.


Compared to the draft I just wrote for the MD5 based Authentication
Header for IPv4 which does an MD5 for each packet, this is very
lightweight indeed. :-)

Current thread:

Re: Recent troubles, (continued)
- Re: Recent troubles Darren Reed (Jan 24)
- preventing sequence number guessing David A. Wagner (Jan 24)
  - Re: preventing sequence number guessing Darren Reed (Jan 24)
  - accpet(3n) under SOlaris 2.4 Jas (Jan 25)
    - Re: accpet(3n) under SOlaris 2.4 Casper Dik (Jan 25)
  - Re: preventing sequence number guessing Timothy Newsham (Jan 25)
    - IP Spoofing and Vendors' attitude Christopher Klaus (May 12)
    - Re: IP Spoofing and Vendors' attitude Oliver Friedrichs (Jan 25)
    - Re: IP Spoofing and Vendors' attitude Mark (Jan 26)
    - Re: preventing sequence number guessing David A. Wagner (Jan 25)
    - Re: preventing sequence number guessing Perry E. Metzger (Jan 25)
- Re: Recent troubles der Mouse (Jan 25)