Bugtraq mailing list archives

Re: NT4-SP3 Sequence Prediction

From: zeus () SHELL ACADIACOM NET (Mark Gansle)
Date: Wed, 9 Sep 1998 17:31:09 -0500


On Wed, 9 Sep 1998 nate () ROOT ORG wrote:

It is very easy.  Assume that you have a standard deviation of 3 in the
sequence every 10 ms (Ivan Arce measured a stdev of 2.6942).  This means
that a single guessed sequence of 499, 500, or 501 has a ~68% (1 stdev)
chance of being correct. Assuming you are guessing one every 10 ms, it
would only take 3 tries (30 ms) for you to have a better than 90% chance
of succeeding.


Just as a point of order, ~68% would fall between 496 and 502, assuming a
bell-shaped curve.  Your numbers fell within a one-standard-deviation
interval, and 68% fall within one standard deviation (plus or minus) of
the mean (499, according to Ivan).  Plus, I'd wonder if the distribution
is truly bell-shaped.

Regardless of this point, your argument is still valid.  Chebysev's
theorem tells us that at least 75% would fall within a 12-unit interval,
which means that this is open to a not-so-brute force attack.

Mark Gansle

Current thread:

Re: NT4-SP3 Sequence Prediction nate () ROOT ORG (Sep 09)
- Re: NT4-SP3 Sequence Prediction Mark Gansle (Sep 09)
- SSH 1.2.25/HP-UX 10.20 Vulnerability Security Research Team (Sep 10)
  - Re: SSH 1.2.25/HP-UX 10.20 Vulnerability Joao Miguel Neves (Sep 10)
- <Possible follow-ups>
- Re: NT4-SP3 Sequence Prediction Steve Bellovin (Sep 09)