Re: preventing sequence number guessing

Timothy Newsham (newsham@aloha.net)
Wed, 25 Jan 1995 10:10:25 -1000 (HST)

> I've only got one novel idea: instead of using tcp_iss directly
> for the SYN everytime a new TCP/IP connection is opened, send
> MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].

This sounds awfully expensive.  One md5 operation for each
new passive or active connection.

> MD5 to predict sequence numbers.  MD5 is quite fast (is it fast
> enough?) and is completely exportable.  Code for MD5 is available

This is a good question.  How many connections do you expect per
second (both incoming and outgoing)?  How much of a load will
this place on the rest of the machine?
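As an added illustration, not code from this thread or from any poster in it: the hashed-ISN scheme being discussed, written in the form later standardized as RFC 1948 (ISN = M + F(local address, local port, remote address, remote port, secret), with M the RFC 793 4-microsecond clock), plus a small benchmark that answers the per-connection cost question raised above by timing one MD5 per connection. The secret key, the 4-tuple inputs, the clock source and the benchmark sizes are all assumptions made here for the example.

```python
import hashlib
import os
import struct
import time


def isn_hash_component(local_ip, local_port, remote_ip, remote_port, secret):
    """F(): low 32 bits of MD5 over the connection 4-tuple and a host secret.

    The secret (assumed here to be 16 random bytes chosen at boot) is what
    stops an attacker from simply recomputing the hash themselves.
    """
    h = hashlib.md5()
    h.update(local_ip.encode() + struct.pack("!H", local_port))
    h.update(remote_ip.encode() + struct.pack("!H", remote_port))
    h.update(secret)
    return struct.unpack("!I", h.digest()[:4])[0]


def initial_sequence_number(local_ip, local_port, remote_ip, remote_port,
                            secret, now_us):
    """ISN = M + F(...), mod 2^32.

    M is the RFC 793 style clock that ticks once every 4 microseconds, so the
    ISN space still advances monotonically per 4-tuple (old duplicates cannot
    be confused with a new incarnation), while F makes the offset for one
    4-tuple useless for predicting the ISN of any other 4-tuple.
    """
    m = (now_us // 4) & 0xFFFFFFFF
    f = isn_hash_component(local_ip, local_port, remote_ip, remote_port, secret)
    return (m + f) & 0xFFFFFFFF


def md5_isn_cost_us(n=50000):
    """Average cost in microseconds of one hashed-ISN computation.

    This is the 'how much load does it add' question: one MD5 over roughly
    30 bytes per new passive or active connection.  Remote ports are varied
    so the benchmark is not hashing one constant input.
    """
    secret = os.urandom(16)  # assumed per-boot secret
    t0 = time.perf_counter()
    for i in range(n):
        initial_sequence_number("10.0.0.1", 80, "192.0.2.7", i % 65536,
                                secret, i)
    elapsed = time.perf_counter() - t0
    return elapsed * 1e6 / n


if __name__ == "__main__":
    key = os.urandom(16)
    # Two different remote ports on the same hosts: same clock, unrelated ISNs.
    a = initial_sequence_number("10.0.0.1", 80, "192.0.2.7", 40000, key, 1_000_000)
    b = initial_sequence_number("10.0.0.1", 80, "192.0.2.7", 40001, key, 1_000_000)
    print("ISN for port 40000: 0x%08x" % a)
    print("ISN for port 40001: 0x%08x" % b)
    print("cost per connection: %.2f us" % md5_isn_cost_us())
```

The benchmark counts only the hash and the clock arithmetic, so it is an upper bound on what a kernel implementation would add per connection; the rest of connection setup (socket allocation, route lookup, the SYN itself) dwarfs it, which is the usual answer to the cost objection.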