Re: [fw-wiz] Firewalls that generate new packets..



On Thu, 29 Nov 2007, Darden, Patrick S. wrote:

You're assuming a blind attack, a very dangerous assumption. Even with a
blind attack, you're assuming that (a) the attacker's prediction efforts
are stymied by hard-to-predict sequence numbers and (b) the attacker
(or defender) lacking enough bandwidth to brute force the sequence number
or the likey sequence number space.

I am not assuming a blind attack. I was positing an example situation
that highlighted the importance of TCP sequence numbers. Please do not
put words in my mouth.

But the predictability of ISNs are only important in blind attacks- if the
attacker can sniff the ISNs, then the sequence numbers have no
value to a connection under attack as far as I can tell. So if your
scenario doesn't assume a blind attack what am I missing?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Firewalls that generate new packets..
    ... You're assuming a blind attack, ... are stymied by hard-to-predict sequence numbers and the attacker ... TCP handshake stage. ... "Prearranged formula decided on during the TCP handshake?" ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Firewalls that generate new packets..
    ... Paul, you told me this off the list, plus a lot more. ... I understand that you are the moderator and I ... are stymied by hard-to-predict sequence numbers and the attacker ... I am not assuming a blind attack. ...
    (Firewall-Wizards)