Bugtraq mailing list archives

Re: Linux blind TCP spoofing, act II + others


From: antirez () SPEEDCOM IT (Salvatore Sanfilippo -antirez-)
Date: Tue, 10 Aug 1999 05:43:02 +0200


A secure patch is a work in progress, thanks to precious
advice from Solar Designer and Theo de Raadt.
I'll send this patch to bugtraq when done.
Please, if you have some good links about how it
is possible to compute N for the 'X^2 mod N' generator
in real time, or links about other hard-to-predict
RNGs, send me an email.

antirez

On Sat, Aug 07, 1999 at 09:58:10AM -0700, David Wagner wrote:
In article <19990806123911.A1147 () speedcom it>,
Salvatore Sanfilippo -antirez-  <antirez () speedcom it> wrote:
    i think that a consecutive IP id now can be considered
    a weakness in IP stacks. [...] Here is a patch for
    linux 2.0.36 [...] 'Truly random id' [...]

Your patch isn't secure.  It uses a weak pseudo-random number
generator to generate id's, and an attacker can just crack the
PRNG to predict what id's will be used in the future.

I think you probably want to use /dev/urandom to generate your
IP id's, to prevent this attack.  (Or use a variant of Bellovin's
RFC 1948, adapted to generate IP id's instead of TCP ISN's.)

--
Salvatore Sanfilippo      antirez () speedcom it     antirez () alicomitalia it
ALICOM snc  Tel: +39-0871-403522  Fax: +39-0871-41960 Web: www.alicom.com
                 try hping: http://www.kyuzz.org/antirez
FreeSilviaBaraldiniFreeSilviaBaraldiniFreeSilviaBaraldiniFreeSilviaBarald
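
The second suggestion quoted above, a variant of RFC 1948 adapted to IP IDs, sketched as an added example (it is not code from this thread or from the patch under discussion). The class and function names are hypothetical, HMAC-SHA256 stands in for the MD5 hash of RFC 1948, keeping one counter per destination is this example's choice, and the addresses are constructed values from documentation ranges.

```python
import hashlib
import hmac
import os
import socket
import struct
from collections import defaultdict


class IpIdGenerator:
    """Per-destination IP ID sequences that start at a secret, keyed offset."""

    def __init__(self, secret=None):
        # Boot-time secret from the kernel CSPRNG (the source behind /dev/urandom).
        self._secret = secret if secret is not None else os.urandom(32)
        # One packet counter per (src, dst) pair, so traffic sent to one host
        # does not advance the sequence another host observes.
        self._counters = defaultdict(int)

    def _offset(self, src, dst):
        # F(src, dst, secret): keyed hash of the address pair, cut to 16 bits.
        msg = socket.inet_aton(src) + socket.inet_aton(dst)
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return struct.unpack("!H", digest[:2])[0]

    def next_id(self, src, dst):
        # ID = F(src, dst, secret) + per-pair counter, modulo 2^16.
        # Within one pair the IDs stay unique for 65536 packets, which is
        # what fragment reassembly needs from the field.
        key = (src, dst)
        ip_id = (self._offset(src, dst) + self._counters[key]) & 0xFFFF
        self._counters[key] += 1
        return ip_id


def demo():
    # Fixed secret only so the demo is repeatable; a real stack keeps it random.
    gen = IpIdGenerator(secret=b"constructed-demo-secret")
    to_a = [gen.next_id("192.0.2.1", "198.51.100.7") for _ in range(3)]
    to_b = [gen.next_id("192.0.2.1", "203.0.113.9") for _ in range(3)]
    more_a = gen.next_id("192.0.2.1", "198.51.100.7")
    return to_a, to_b, more_a


if __name__ == "__main__":
    print(demo())
```

A host that only sees its own sequence learns neither the offset used for another destination nor how many packets were sent there, provided the secret stays unknown.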


