Bugtraq mailing list archives
Re: preventing sequence number guessing
From: perry () imsi com (Perry E. Metzger)
Date: Wed, 25 Jan 1995 17:02:43 -0500
Timothy Newsham says:
I've only got one novel idea: instead of using tcp_iss directly for the SYN everytime a new TCP/IP connection is opened, send MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].This sounds awefully expensive. One md5 operation for each new passive or active connection.
Compared to the draft I just wrote for the MD5 based Authentication Header for IPv4 which does an MD5 for each packet, this is very lightweight indeed. :-)
Current thread:
- Re: Recent troubles, (continued)
- Re: Recent troubles Darren Reed (Jan 24)
- preventing sequence number guessing David A. Wagner (Jan 24)
- Re: preventing sequence number guessing Darren Reed (Jan 24)
- accpet(3n) under SOlaris 2.4 Jas (Jan 25)
- Re: accpet(3n) under SOlaris 2.4 Casper Dik (Jan 25)
- Re: preventing sequence number guessing Timothy Newsham (Jan 25)
- IP Spoofing and Vendors' attitude Christopher Klaus (May 12)
- Re: IP Spoofing and Vendors' attitude Oliver Friedrichs (Jan 25)
- Re: IP Spoofing and Vendors' attitude Mark (Jan 26)
- Re: preventing sequence number guessing David A. Wagner (Jan 25)
- Re: preventing sequence number guessing Perry E. Metzger (Jan 25)
- Re: Recent troubles der Mouse (Jan 25)