WebApp Sec mailing list archives
Re: Sequence Identification Routines?
From: "Jeff Williams @ Aspect" <jeff.williams () aspectsecurity com>
Date: Mon, 9 Dec 2002 11:00:21 -0500
Nick,

You might be interested in the paper at http://razor.bindview.com/publish/papers/tcpseq.html. They analyzed the randomness of TCP sequence numbers and represented the results graphically. Of course, this won't actually predict a value, just helps you understand how difficult it would be to predict a value. Generally, this is good enough.

--Jeff

Jeff Williams, CEO
jeff.williams () aspectsecurity com
Aspect Security, Inc.
www.aspectsecurity.com

----- Original Message -----
From: Nick Jacobsen
To: webappsec () securityfocus com
Sent: Monday, December 09, 2002 3:51 AM
Subject: Sequence Identification Routines?

I was hoping one of you might have some input here...

I am black box testing a web app that generates a 5 character (letter and number only, lowercase) verification string, that it then emails to the email address on file, and then the receiver has to type it in to continue with his registration... now, I am looking for some sort of programming routines, snippets, or programs, that will look at a set of, say, 1000 numbers, and tell me if there is any sensible pattern, off which to predict the next 5 character string in the sequence.

Any suggestions welcome!

Thanks,
Nick Jacobsen
Ethics Design
nick () ethicsdesign com
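An added example, not written by anyone in this thread: a first-pass check of the kind discussed above, run over a sample of 5-character lowercase alphanumeric codes from a generator you are assessing. Both sample generators, the stride 7919 and the chi-square limit of 66.6 (roughly p = 0.001 at 35 degrees of freedom) are assumptions chosen for illustration.

```python
import secrets
import string
from collections import Counter

ALPHABET = string.digits + string.ascii_lowercase  # 36 symbols, as in the post
LENGTH = 5                                          # code length from the post
SPACE = len(ALPHABET) ** LENGTH                     # 60,466,176 possible codes

def encode(value):
    """Render an integer as a fixed-width base-36 code."""
    return "".join(ALPHABET[value // 36 ** i % 36] for i in reversed(range(LENGTH)))

def position_chi2(tokens):
    """Chi-square statistic per character position against a uniform alphabet."""
    expected = len(tokens) / len(ALPHABET)
    stats = []
    for pos in range(LENGTH):
        counts = Counter(t[pos] for t in tokens)
        stats.append(sum((counts[c] - expected) ** 2 / expected for c in ALPHABET))
    return stats

def top_step(tokens):
    """Most frequent difference between consecutive codes, and how often it occurs."""
    values = [int(t, 36) for t in tokens]
    steps = Counter((b - a) % SPACE for a, b in zip(values, values[1:]))
    return steps.most_common(1)[0]

def assess(tokens, chi2_limit=66.6):
    """Return findings; an empty list means these two tests saw no structure."""
    findings = []
    for pos, stat in enumerate(position_chi2(tokens)):
        if stat > chi2_limit:
            findings.append(f"position {pos}: non-uniform characters (chi2={stat:.0f})")
    step, count = top_step(tokens)
    if count > len(tokens) // 10:
        findings.append(f"step {step} repeats between {count} consecutive codes")
    return findings

def weak_sample(n=1000, start=123456, step=7919):
    """Constructed weak generator (assumption): a counter with a fixed stride."""
    return [encode((start + i * step) % SPACE) for i in range(n)]

def strong_sample(n=1000):
    """Constructed reference sample drawn from the OS CSPRNG."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(LENGTH)) for _ in range(n)]

if __name__ == "__main__":
    print("weak:  ", assess(weak_sample()))
    print("strong:", assess(strong_sample()))
```

In the constructed weak sample the last character position looks perfectly uniform, so the frequency test alone passes it; only the step test shows the counter.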