Re: About the initial sequence number (ISN) in windows XP SP2
From: Steve Riley [MSFT] (steriley_at_microsoft.com)
Date: 01/02/05
- Next message: Scott M.: "Re: Win XP Pro Firewall & Norton"
- Previous message: Steve Riley [MSFT]: "Re: MS Fingerprint reader and XP Pro"
- In reply to: Hank Oredson: "Re: About the initial sequence number (ISN) in windows XP SP2"
- Next in thread: Hank Oredson: "Re: About the initial sequence number (ISN) in windows XP SP2"
- Reply: Hank Oredson: "Re: About the initial sequence number (ISN) in windows XP SP2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 02 Jan 2005 14:48:23 -0800
Monotonic sequence numbers make it relatively easy to predict sequence numbers
and forge connections using spoofed IP addresses. This wasn't envisioned
by the designers of the protocol way back when.
These are old resources now, but still very useful for learning about the
dangers of predictable sequence numbers. Note that we've finally got it right
in XP and 2003 :)
http://alon.wox.org/tcpseq.html
http://lcamtuf.coredump.cx/newtcp/
Steve Riley
steriley@microsoft.com
> "Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
> news:%23jF5zt37EHA.3840@tk2msftngp13.phx.gbl...
>
>> Hank Oredson wrote:
>>
>>> I'm very curious where you find this in RFC-793.
>>> My own implementation uses a random seed for the first ISN,
>>> and a random increment for further ISNs. I see no place in
>>> RFC-793 that disallows this behavior, and in fact the RFC
>>> seems to suggest it as an optimum implementation.
>> IIRC the only real requirement is that a ISN must be unique for the
>> time it is live? Anything else was just suggestions on how this might
>> be achieved.
>>
> There is a suggestion, somewhere near the end of the RFC, that
> ISNs should be monotonic. Don't have the doc right in front of
> me right now. As I recall it involved multiple connects to the same
> port at the same host, to attempt to avoid SN clash with a lost
> but still half-open connection. I recall the same requirement that
> you do: must be unique for its TTL ... with a suggested 4 or
> 5 minute max. I've seen many implementations that use the low
> bits of some fast clock to obtain a "sort of random" ISN. Those
> would not be monotonic ;-)
> http://horedson.home.att.net
> http://w0rli.home.att.net
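The attack Steve is describing, as an added illustration that is not part of the original thread or of any Windows code: a simplified three-way handshake (no sockets) in which a blind attacker samples a server's ISNs from its own connections, extrapolates the next one, and completes a handshake from a spoofed trusted address it can never receive the SYN-ACK at. The two generators are illustrative: `MonotonicISN` steps a counter by a fixed amount per connection (real 4.4BSD-era stacks also stepped it on a clock), and `HashedISN` follows the RFC 1948 shape, a clock term plus a keyed hash of the connection 4-tuple. The step size, addresses, ports and secret are constructed values, and the spoof assumes the trusted host stays silent instead of answering the stray SYN-ACK with a RST.

```python
"""Blind ISN prediction against a monotonic generator vs. a hashed one.

Added example, not from the newsgroup post. Models only the parts of
TCP needed to show the point: a server that accepts an ACK only if it
carries server_isn + 1, and an attacker who must guess that value.
"""
import hashlib
import os

MOD = 1 << 32


class MonotonicISN:
    """Old-style generator: the ISN advances by a fixed step per connection.
    (Constructed simplification of the 4.4BSD scheme, which also stepped
    the counter on a timer.)"""

    def __init__(self, start=0x12345678, step=64000):
        self.counter = start
        self.step = step

    def next_isn(self, src, sport, dst, dport):
        self.counter = (self.counter + self.step) % MOD
        return self.counter


class HashedISN:
    """RFC 1948 style: clock term M plus F(4-tuple, secret).
    Different 4-tuples get unrelated offsets, so ISNs observed on the
    attacker's own connections say nothing about the spoofed one."""

    def __init__(self, secret=None, step=64000):
        self.secret = secret if secret is not None else os.urandom(16)
        self.step = step
        self.clock = 0

    def next_isn(self, src, sport, dst, dport):
        self.clock += self.step  # stand-in for the time-based term M
        tuple_bytes = f"{src}:{sport}->{dst}:{dport}".encode()
        f = hashlib.sha256(self.secret + tuple_bytes).digest()[:4]
        return (self.clock + int.from_bytes(f, "big")) % MOD


class Server:
    """Completes a handshake only when the ACK number equals its ISN + 1."""

    def __init__(self, generator, ip="10.0.0.1", port=513):
        self.gen = generator
        self.ip, self.port = ip, port
        self.half_open = {}
        self.established = set()

    def recv_syn(self, src, sport, client_isn):
        isn = self.gen.next_isn(self.ip, self.port, src, sport)
        self.half_open[(src, sport)] = isn
        # The SYN-ACK goes to src; a spoofing attacker never sees it.
        return {"seq": isn, "ack": (client_isn + 1) % MOD}

    def recv_ack(self, src, sport, ack):
        isn = self.half_open.pop((src, sport), None)
        if isn is not None and ack == (isn + 1) % MOD:
            self.established.add((src, sport))
            return True
        return False


def predict_next_isn(samples):
    """Attacker's guess: extrapolate the last observed step (mod 2^32)."""
    delta = (samples[-1] - samples[-2]) % MOD
    return (samples[-1] + delta) % MOD


def blind_spoof(server, attacker_ip="192.0.2.66", trusted_ip="10.0.0.2"):
    """Sample two ISNs on legitimate connections, then forge a handshake
    that appears to come from trusted_ip. Returns True if the server
    accepted the forged ACK. Assumes the trusted host does not RST the
    unexpected SYN-ACK (the classic attack silences it first)."""
    samples = []
    for sport in (40000, 40001):
        synack = server.recv_syn(attacker_ip, sport, client_isn=1000)
        server.recv_ack(attacker_ip, sport, (synack["seq"] + 1) % MOD)
        samples.append(synack["seq"])
    guess = predict_next_isn(samples)
    server.recv_syn(trusted_ip, 1023, client_isn=5000)  # reply is unseen
    return server.recv_ack(trusted_ip, 1023, (guess + 1) % MOD)


if __name__ == "__main__":
    print("monotonic ISN, spoof accepted:", blind_spoof(Server(MonotonicISN())))
    print("hashed ISN,    spoof accepted:", blind_spoof(Server(HashedISN())))
```

Against `MonotonicISN` the two probes give the attacker the exact step, so the forged ACK lands on the server's third ISN and the connection is established without the attacker ever seeing a packet from the server. Against `HashedISN` the probes are on different 4-tuples, the hash offsets are unrelated, and the guess is right only with probability about 2^-32 per attempt, which is the property the newer Windows stacks and the two linked papers are about.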