Nmap Development mailing list archives
Re: Any Advice (Summer_Of_Code_2008)
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 4 Mar 2008 20:55:28 +0000
Yavuz,

With your math and cryptography background you may be interested in doing research on various OS initial TCP sequence numbers. As I'm sure you are well aware, a purely mathematical process cannot generate a sequence of true "random" numbers. This presents a major problem in TCP networking because, for a few security reasons, the first TCP sequence number needs to be random and unpredictable. See RFC 1948 (http://www.faqs.org/rfcs/rfc1948.html) for more information.

Most OS vendors have chosen to err on the side of speed and efficiency rather than the side of security when it comes to sequence numbers. Michal Zalewski has done a lot of work on the subject: http://lcamtuf.coredump.cx/oldtcp/tcpseq.html and followed up with: http://lcamtuf.coredump.cx/newtcp/

This is good news for Nmap because finding structure in the sequence numbers is one way Nmap determines OS version. Nmap collects 6 ISNs and performs some basic math on them to try to fit them into various classes. Unfortunately, most modern operating systems are using decent enough PRNGs that it is very hard to identify the OS from only 6 ISNs without some pretty sophisticated analysis.

If you were to do work in classifying different OS ISN generators there is a good chance that you could help Nmap better identify the target OS in a scan based on ISNs. Michal Zalewski's work used three-dimensional analysis and was quite successful. Nmap collects 6 ISNs so you could potentially do 4- or 5-dimensional analysis to try to predict the 5th or 6th ISN in the sequence.

Good luck, I hope you end up doing great SoC work.

Brandon

On Tue, 4 Mar 2008 15:56:31 +0200 "yavuz gokirmak" <ygokirmak () gmail com> wrote:
Hi,

I'm a computer engineer who graduated from METU <http://www.metu.edu.tr/> and I have one year left to complete my master's degree in cryptography at I. Applied Math METU <http://www3.iam.metu.edu.tr/iam/index.php/Main_Page>. I am interested in security issues and networking. I have no detailed information about nmap; can you give me any advice so that I can improve my background before GSoC 2008 starts?

Thanks in advance,
yavuz...
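As an added illustration of the "basic math on 6 ISNs" idea Brandon describes (example code written for this archive page, not code from the thread, from Nmap, or from Zalewski's papers), the following Python script takes a short ISN sample, computes the wraparound-safe deltas, their GCD and spread, sorts the generator into a few rough structural classes, and runs a hold-out check: can the sixth ISN be extrapolated from the first five? The class labels, thresholds and the three sample sequences are this example's own constructions for auditing a stack's generator, not Nmap's fingerprint classes or real captures.

```python
import functools
import math
import statistics

SEQ_MOD = 2 ** 32  # TCP sequence numbers live in a 32-bit space

def isn_deltas(isns):
    """Differences between consecutive ISNs, reduced modulo 2^32 so a wrap
    of the sequence space does not show up as a huge negative jump."""
    return [(b - a) % SEQ_MOD for a, b in zip(isns, isns[1:])]

def classify_isns(isns):
    """Return (label, gcd of deltas, population stdev of deltas) for a short
    sample. The labels are this example's own, not Nmap's fingerprint classes."""
    if len(isns) < 3:
        raise ValueError("need at least three ISNs to look for structure")
    deltas = isn_deltas(isns)
    # A large GCD means the generator only steps in coarse shared units,
    # the mark of a counter- or clock-driven ISN rather than a PRNG.
    g = functools.reduce(math.gcd, deltas, 0)
    sd = statistics.pstdev(deltas)
    if all(d == 0 for d in deltas):
        return "constant", g, sd
    if sd == 0:
        return "fixed-increment", g, sd
    if g > 9:
        return "coarse-step", g, sd
    return "random-looking", g, sd

def holdout_check(isns):
    """Extrapolate the final ISN from the earlier ones (last value plus the
    mean of the earlier deltas) and return the signed miss in sequence units.
    A miss of 0 means five samples fully determine the sixth; a miss in the
    hundreds of millions means plain extrapolation learns nothing."""
    head, last = isns[:-1], isns[-1]
    guess = (head[-1] + round(statistics.mean(isn_deltas(head)))) % SEQ_MOD
    miss = (last - guess) % SEQ_MOD
    return miss - SEQ_MOD if miss > SEQ_MOD // 2 else miss  # nearer signed distance

# Constructed samples (not real captures): a fixed-increment generator, a
# clock-driven one stepping in multiples of 64000 across the 2^32 wrap, and
# one whose deltas share no common factor.
FIXED = [1000, 1128, 1256, 1384, 1512, 1640]
CLOCKED = [4_294_900_000, 4_294_964_000, 124_704, 188_704, 316_704, 380_704]
RANDOMISH = [523_934_753, 2_604_982_397, 391_062_746,
             1_891_062_753, 596_095_468, 1_496_095_487]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("clocked", CLOCKED), ("randomish", RANDOMISH)):
        print(name, classify_isns(sample), "holdout miss:", holdout_check(sample))
```

Six samples is enough to expose a fixed or clock-stepped counter, which is exactly why the harder cases (decent PRNGs) need the higher-dimensional analysis the message points to rather than GCD and variance alone.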