Vulnerability Development mailing list archives

Re: TCP/IP ISN Prediction Susceptibility


From: "Eric D. Williams" <eric () INFOBRO COM>
Date: Tue, 13 Mar 2001 13:18:14 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.zdnet.com/zdnn/stories/news/0,4586,2694878,00.html

Eric Williams, Pres.
Information Brokers, Inc.    Phone: +1 202.889.4395
http://www.infobro.com/        Fax: +1 202.889.4396
                mailto:eric () infobro com
           For More Info: info () infobro com
                    PGP Public Key
   http://new.infobro.com/KeyServ/EricDWilliams.asc
Finger Print: 1055 8AED 9783 2378 73EF  7B19 0544 A590 FF65 B789

On Monday, March 12, 2001 4:54 PM, Solar, Eclipse
[SMTP:solareclipse () PHREEDOM ORG] wrote:
Quoted from http://www.guardent.net/pr2001-03-12-ips.html

Waltham, MA -- March 12, 2001 -- Guardent, Inc., the leading
provider of security and privacy programs for Global 2000
organizations, today released new information regarding a
significant weakness in many implementations of the
Transmission Control Protocol (TCP) that affects a large
population of Internet and network-connected devices.

Tim Newsham, a senior research scientist at Guardent,
discovered a method by which malicious users can close
down or "hijack" TCP-based sessions on the Internet or
on corporate networks. The research, titled "ISN Prediction
Susceptibility", exposes a weakness in the generation of
TCP Initial Sequence Numbers, which are used to maintain
session information between network devices.

Prior to Guardent's discovery, it was believed that TCP
sessions were sufficiently protected from attacks by the
random generation of initial sequence numbers. It is now
known that these numbers are guessable on many platforms,
with a high degree of accuracy. The ability to accurately
guess sequence numbers, combined with readily available
session information, allows for a variety of sophisticated
attacks on computer networks.

It seems that Guardent claims that the pseudo-random ISN
generation algorithm implemented in most TCP/IP stacks
is flawed. Does anybody have more information about this?

Solar Eclipse
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBOq5kZgVEpZD/ZbeJEQLDegCffx0njdKp0sy0rCEFywkV8ezXcTAAn1OH
QwqQ12CAR/BFUovfHui+moAE
=5mC9
-----END PGP SIGNATURE-----
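The press release quoted above says only that ISNs are "guessable on many platforms"; it gives no algorithm. The following is an added example (mine, not from the thread, Guardent, or Newsham's paper) that shows what "guessable" buys an attacker: a constructed stepped ISN generator (fixed increment per connection plus a little timer-like jitter, a textbook model, not any named stack's code) beside a generator that draws from the whole 32-bit space, and a blind-spoofing attacker who samples a few ISNs from its own connections, extrapolates the next one, and sends a burst of ACKs around that guess. All class and function names, the step and jitter sizes, and the seeded RNG (used so the run is reproducible) are my assumptions.

```python
"""Constructed model of TCP ISN prediction (added example, not from the thread).

Blind-spoofing model: the attacker opens a few legitimate connections to the
target to observe its ISNs, estimates how the generator advances per
connection, sends a SYN with a forged source address, and then fires a burst
of ACKs covering a band of guesses for the ISN the server chose for that
forged SYN. The server accepts only the ACK that equals ISN+1, so the attack
succeeds when the real ISN lies inside the guessed band.
"""
import random
from typing import Callable, List

MOD = 1 << 32


class SteppedIsnGenerator:
    """Constructed weak generator: a fixed step per connection plus a small
    jitter. A textbook-style model, not the algorithm of any particular stack."""

    def __init__(self, seed: int, step: int = 64000, jitter: int = 64) -> None:
        self._rng = random.Random(seed)       # seeded only for reproducibility
        self._state = self._rng.randrange(MOD)
        self._step = step
        self._jitter = jitter

    def next_isn(self) -> int:
        self._state = (self._state + self._step
                       + self._rng.randrange(self._jitter)) % MOD
        return self._state


class UnpredictableIsnGenerator:
    """Stand-in for a generator with no per-connection structure. A real stack
    would use a CSPRNG or an RFC 1948-style keyed hash; a seeded PRNG is used
    here so the run is deterministic."""

    def __init__(self, seed: int) -> None:
        self._rng = random.Random(seed)

    def next_isn(self) -> int:
        return self._rng.randrange(MOD)


def estimate_step(observed: List[int]) -> int:
    """Mean per-connection increment of the observed ISNs, modulo 2^32."""
    deltas = [(b - a) % MOD for a, b in zip(observed, observed[1:])]
    return sum(deltas) // len(deltas)


def predict_isn(observed: List[int], connections_ahead: int = 1) -> int:
    """Centre of the attacker's guess band for the target's next ISN."""
    return (observed[-1] + estimate_step(observed) * connections_ahead) % MOD


def circular_distance(a: int, b: int) -> int:
    """Shortest distance between two 32-bit sequence numbers on the ring."""
    d = (a - b) % MOD
    return min(d, MOD - d)


def attack_success_rate(make_generator: Callable[[int], object],
                        trials: int = 200, probes: int = 4,
                        spread: int = 256) -> float:
    """Fraction of trials in which the real ISN lies within +/- spread of the
    prediction, i.e. the attacker's burst of 2*spread+1 ACKs contains the one
    the server accepts. Each trial uses a fresh generator seeded by the trial
    number, so the result is reproducible."""
    hits = 0
    for trial in range(trials):
        gen = make_generator(trial)
        observed = [gen.next_isn() for _ in range(probes)]  # attacker's own connections
        guess = predict_isn(observed)
        actual = gen.next_isn()  # ISN the server picks for the forged SYN
        if circular_distance(actual, guess) <= spread:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("stepped generator hit rate:     ", attack_success_rate(SteppedIsnGenerator))
    print("unpredictable generator hit rate:", attack_success_rate(UnpredictableIsnGenerator))
```

With the stepped generator the extrapolation lands within the jitter (at most 63 off), so a band of 513 ACKs hits every time; against the unstructured generator the same burst covers about 513/2^32 of the space and essentially never hits. The same sampling loop is the check a practitioner would run against a real host: collect consecutive ISNs, look at the deltas, and see whether the next one is extrapolable.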