Bugtraq mailing list archives
Chances of guessing?
From: bicknell () ussenterprise async vt edu (Leo Bicknell)
Date: Fri, 27 Jan 1995 10:38:48 -0500 (EST)
I've been following the discussion on IP spoofing, and ways to prevent it. While all that is well and good, I would like an objective measure of risk. I've read the procedure for guessing sequence numbers and the like, and it seems simple enough, except on any system with a heavy load.

For instance, take a machine that gets 20 new connections/second on average (fairly likely on a machine that's run as a WWW server for instance). Given that most systems increment the sequence counter by some amount per new connection, and you can't predict how many new connections will occur in a given time interval, it seems that this hole just got a lot harder to exploit.

I'm not advocating relying on the system load for security, just trying to get an idea of how quickly someone might be able to get in. I'd like to avoid writing a program to exploit this and testing it several hundred times here to get a figure.

--
Leo Bicknell - bicknell () vt edu            | Make a little birdhouse
bicknell () csugrad cs vt edu                | in your soul......
bicknell () ussenterprise async vt edu       | They Might
http://ussenterprise.async.vt.edu/~bicknell/ | Be Giants
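The risk figure asked for in the post above can be estimated with a small probability model instead of live testing. This is an added example, not part of the original post or thread. It assumes a fixed, known counter step per new connection, Poisson connection arrivals, and a known gap between observing a sequence number and the server choosing the next one; the function names are hypothetical.

```python
import math

def poisson_pmf(n, mean):
    """P(N = n) for Poisson N, computed in log space to avoid overflow."""
    if mean == 0:
        return 1.0 if n == 0 else 0.0
    return math.exp(n * math.log(mean) - mean - math.lgamma(n + 1))

def hit_probability(conn_rate, gap_seconds, guesses=1):
    """Chance that one of `guesses` predictions matches the counter.

    Assumed model (not from the post): the counter advances by a fixed,
    known step per new connection, so predicting it reduces to predicting
    N, the number of connections that arrive during `gap_seconds`.
    The best strategy covers the `guesses` most likely values of N.
    """
    mean = conn_rate * gap_seconds
    lo = hi = int(math.floor(mean))      # mode of the Poisson distribution
    total = poisson_pmf(lo, mean)
    # The pmf is unimodal: widen the window from the mode, always
    # taking the more probable neighbour next.
    for _ in range(guesses - 1):
        left = poisson_pmf(lo - 1, mean) if lo > 0 else -1.0
        right = poisson_pmf(hi + 1, mean)
        if left >= right:
            lo -= 1
            total += left
        else:
            hi += 1
            total += right
    return min(total, 1.0)

# Per-guess chance against a uniformly random 32-bit initial sequence
# number, the baseline that randomized ISN generation aims for.
RANDOM_ISN_GUESS = 2.0 ** -32

if __name__ == "__main__":
    # Constructed scenarios: the post's 20 connections/second at several gaps.
    for gap in (0.01, 0.1, 1.0, 10.0):
        p1, p10, p100 = (hit_probability(20, gap, g) for g in (1, 10, 100))
        print(f"gap {gap:>5}s  1 guess {p1:.3f}  10 {p10:.3f}  100 {p100:.3f}")
    print(f"random 32-bit ISN, per guess: {RANDOM_ISN_GUESS:.2e}")
```

Under these assumptions, load lowers the single-guess probability only slowly as the gap grows, and it stays many orders of magnitude above the random-ISN baseline.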