Re: preventing sequence number guessing

Perry E. Metzger (perry@imsi.com)
Wed, 25 Jan 1995 17:02:43 -0500

Timothy Newsham says:
> > I've only got one novel idea: instead of using tcp_iss directly
> > for the SYN every time a new TCP/IP connection is opened, send
> > MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].
> 
> This sounds awfully expensive.  One md5 operation for each
> new passive or active connection.

Compared to the draft I just wrote for the MD5-based Authentication
Header for IPv4 which does an MD5 for each packet, this is very
lightweight indeed. :-)
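
Added example, not part of the original message and not code from either poster: a sketch of the quoted proposal, comparing ISNs taken straight from tcp_iss with ISNs taken from MD5 over tcp_iss and the time. The per-connection step, the truncation of the digest to its first 32 bits, and the `extra` parameter (a hypothetical stand-in for any further hash inputs) are assumptions made for illustration.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF
ISS_INCREMENT = 64000  # assumed fixed per-connection step (illustrative value)


def plain_isns(tcp_iss, n):
    """ISNs when tcp_iss is sent directly: previous value plus a fixed step."""
    out = []
    for _ in range(n):
        out.append(tcp_iss & MASK32)
        tcp_iss += ISS_INCREMENT
    return out


def md5_isn(tcp_iss, now=None, extra=b""):
    """32-bit ISN from MD5 over tcp_iss, optionally the time and extra bytes.

    Assumption: the first 4 bytes of the 16-byte digest are used, because the
    TCP sequence number field is 32 bits wide.
    """
    data = struct.pack("!I", tcp_iss & MASK32)
    if now is not None:
        data += struct.pack("!I", now & MASK32)
    data += extra
    return struct.unpack("!I", hashlib.md5(data).digest()[:4])[0]


def hashed_isns(tcp_iss, n, now=None, extra=b""):
    """Same counter as plain_isns, but each value passes through md5_isn."""
    return [md5_isn(v, now, extra) for v in plain_isns(tcp_iss, n)]


def deltas(isns):
    """Differences between successive ISNs, modulo 2**32."""
    return [(b - a) & MASK32 for a, b in zip(isns, isns[1:])]


if __name__ == "__main__":
    start, now = 1000, 790000000  # constructed sample values
    print("plain  deltas:", deltas(plain_isns(start, 5)))
    print("hashed deltas:", deltas(hashed_isns(start, 5, now)))
    # The hash is deterministic: the same inputs always give the same ISN,
    # so the result is only as hard to compute as its inputs are to know.
    print("repeatable:", md5_isn(start, now) == md5_isn(start, now))
```

The plain counter gives a constant difference between successive ISNs, while the hashed values do not; the cost is one MD5 per new connection, as discussed above.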