Re: Chances of guessing?

der Mouse (mouse@Collatz.McRCIM.McGill.EDU)
Fri, 27 Jan 1995 14:59:42 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Marc Tamsky: "Re: Would an encrypted tunnel solve the SeqNo guessing attack?"
Previous message: Timothy Newsham: "Re: Hijacking tool"
Maybe in reply to: Leo Bicknell: "Chances of guessing?"
Next in thread: Timothy Newsham: "Re: Chances of guessing?"

> I've read the procedure for guessing sequence numbers and the like,
> and it seems simple enough, except on any system with a heavy load.
> For instance, take a machine that gets 20 new connections/second on
> average (fairly likely on a machine thats run as a WWW server for
> instance).  Given that most systems increment the sequence counter by
> some amount per new connection, and you can't predict how many new
> connections will occur in a given time interval it seems that this
> hole just got a lot harder to exploit.

A little harder.  If there is, say, an average of 1/10 second between
your initial probe and your attack packet, then all the attacker needs
to do is add in the per-connection value once or twice.  True,
depends on luck...but it doesn't make it hard enough that the program
won't succeed after a half-dozen tries.

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu

Next message: Marc Tamsky: "Re: Would an encrypted tunnel solve the SeqNo guessing attack?"
Previous message: Timothy Newsham: "Re: Hijacking tool"
Maybe in reply to: Leo Bicknell: "Chances of guessing?"
Next in thread: Timothy Newsham: "Re: Chances of guessing?"