Nmap Development mailing list archives

Re: Any Advice (Summer_Of_Code_2008)


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 4 Mar 2008 20:55:28 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yavuz,

With your math and cryptography background you may be interested in
doing research on various OS initial TCP sequence numbers.  As I'm sure
you are well aware, a purely mathematical process cannot generate a
sequence of true "random" numbers.  This presents a major problem in
TCP networking because, for a few security reasons, the first TCP
sequence number needs to be random and unpredictable.  See RFC 1948
(http://www.faqs.org/rfcs/rfc1948.html) for more information.

Most OS vendors have chosen to err on the side of speed and efficiency
rather than the side of security when it comes to sequence numbers.

Michal Zalewski has done a lot of work on the subject:
http://lcamtuf.coredump.cx/oldtcp/tcpseq.html
and followed up with:
http://lcamtuf.coredump.cx/newtcp/

This is good news for Nmap because finding structure in the sequence
numbers is one way Nmap determines OS version.  Nmap collects 6 ISNs
and performs some basic math on them to try to fit them into various
classes.  Unfortunately, most modern operating systems are using decent
enough PRNGs that it is very hard to identify the OS from only 6 ISNs
without some pretty sophisticated analysis.

If you were to do work in classifying different OS ISN generators there
is a good chance that you could help Nmap better identify the target OS
in a scan based on ISNs.

Michal Zalewski's work used three-dimensional analysis and was quite
successful.  Nmap collects 6 ISNs, so you could potentially do 4- or
5-dimensional analysis to try to predict the 5th or 6th ISN in the
sequence.

Good luck, I hope you end up doing great SoC work.

Brandon


On Tue, 4 Mar 2008 15:56:31 +0200
"yavuz gokirmak" <ygokirmak () gmail com> wrote:

Hi,
I'm a computer engineer who graduated from METU <http://www.metu.edu.tr/>,
and I have one year left to complete a master's degree in cryptography at
I. Applied Math, METU
<http://www3.iam.metu.edu.tr/iam/index.php/Main_Page>. I am interested
in security issues and networking.

I have no detailed information about nmap;
can you give me any advice so that I can improve my background before
GSoC 2008 starts...

Thanks in advance,
yavuz...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQFHzbdLqaGPzAsl94IRAmgQAKDACjOUk0UI+zl4JRIC98KSNyXfRgCgk2Zr
rLRiijVebGBlk2dE42STLMM=
=j5z5
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
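The "basic math" on a handful of ISNs that Brandon describes, as an added example that is not part of the original post and is not Nmap's own SEQ-test code: it takes the wrapped differences between consecutive 32-bit ISNs, uses their GCD and spread to bucket the generator into a rough class, and checks whether a fixed-step model fitted to the first five samples lands on the sixth. The class names, the `coarse_threshold` and `tolerance` values, the `spread_bits` measure (a simplified analogue of Nmap's SP index, not its formula) and the four sample ISN sets are all constructed for this illustration.

```python
# Added example, not code from the original post or from Nmap: a small
# ISN-predictability check in the spirit of the "basic math" Nmap runs on
# the six ISNs it collects. Thresholds and sample ISNs below are constructed
# for illustration and are not Nmap's actual parameters.
from functools import reduce
from math import gcd, log2
from statistics import pstdev
from typing import List, Tuple

MOD = 2 ** 32          # ISNs are 32-bit values and wrap around


def wrapped_diffs(isns: List[int]) -> List[int]:
    """Consecutive ISN differences, taking the shorter way round the
    32-bit ring so that a wrap-around is not mistaken for a huge jump."""
    out = []
    for a, b in zip(isns, isns[1:]):
        d = (b - a) % MOD
        out.append(d - MOD if d > MOD // 2 else d)
    return out


def classify_isns(isns: List[int], coarse_threshold: int = 1024) -> Tuple[str, int]:
    """Bucket a sample of ISNs into a rough generator class.

    Returns (class_name, gcd_of_diffs). The GCD matters because a large
    common divisor means the low-order bits never vary, which shrinks the
    space a guesser has to search. coarse_threshold is an assumed value
    for this demo, not Nmap's.
    """
    diffs = wrapped_diffs(isns)
    g = reduce(gcd, (abs(d) for d in diffs), 0)
    if all(d == 0 for d in diffs):
        return "constant", 0
    if len(set(diffs)) == 1:
        return "fixed-increment", g
    if g >= coarse_threshold:
        return "coarse-step", g
    return "random-looking", g


def spread_bits(isns: List[int]) -> float:
    """Rough 'bits of unpredictability' in the increments: log2 of the
    increment spread measured in units of the GCD. 0.0 means the increments
    never vary (simplified analogue of Nmap's SP index, not its formula)."""
    diffs = wrapped_diffs(isns)
    g = reduce(gcd, (abs(d) for d in diffs), 0)
    sd = pstdev(diffs)
    if g == 0 or sd == 0:
        return 0.0
    return max(0.0, log2(sd / g))


def predict_next(isns: List[int]) -> Tuple[int, int]:
    """Fit the simplest model, a fixed step, to all samples but the last,
    predict the last one, and return (prediction, wrapped_error)."""
    history, actual = isns[:-1], isns[-1]
    diffs = wrapped_diffs(history)
    step = round(sum(diffs) / len(diffs))
    prediction = (history[-1] + step) % MOD
    err = (actual - prediction) % MOD
    return prediction, min(err, MOD - err)


def is_predictable(isns: List[int], tolerance: int = 4096) -> bool:
    """True when the fixed-step model lands within `tolerance` of the real
    next ISN (tolerance is an assumed window chosen for the demo)."""
    return predict_next(isns)[1] <= tolerance


# Constructed samples (six ISNs each, as Nmap would collect); not captures.
CONSTANT = [0x12345678] * 6
FIXED_64000 = [1000 + 64000 * i for i in range(6)]
COARSE_STEP = [5000, 69000, 261000, 389000, 453000, 773000]
RANDOM_LOOKING = [2586777539, 3586777546, 2586777546, 4086777547,
                  3386777544, 326378138]   # last value wrapped past 2^32


if __name__ == "__main__":
    samples = [("constant", CONSTANT), ("fixed 64000", FIXED_64000),
               ("coarse step", COARSE_STEP), ("random-looking", RANDOM_LOOKING)]
    for name, sample in samples:
        cls, g = classify_isns(sample)
        print(f"{name:15s} class={cls:16s} gcd={g:<8d} "
              f"spread={spread_bits(sample):5.1f} bits "
              f"predictable={is_predictable(sample)}")
```

Only the first two classes are caught outright by the fixed-step predictor; the coarse-step sample is not, yet its GCD of 64000 says the effective search space is far smaller than 2^32, which is exactly the kind of structure Zalewski's delayed-coordinate analysis exploits with more samples and more dimensions than six values allow here.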
