From: Giuliano Pochini <pochini@shiny.it>
To: "David S. Miller" <davem@redhat.com>
Cc: linux-kernel@vger.kernel.org, netdev@oss.sgi.com,
cfriesen@nortelnetworks.com,
"Jörn Engel" <joern@wohnheim.fh-wedel.de>
Subject: Re: tcp vulnerability? haven't seen anything on it here...
Date: Thu, 22 Apr 2004 10:23:59 +0200 (CEST) [thread overview]
Message-ID: <XFMail.20040422102359.pochini@shiny.it> (raw)
In-Reply-To: <20040421132047.026ab7f2.davem@redhat.com>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=us-ascii, Size: 1055 bytes --]
On 21-Apr-2004 David S. Miller wrote:
> On Wed, 21 Apr 2004 19:03:40 +0200
> Jörn Engel <joern@wohnheim.fh-wedel.de> wrote:
>
>> Heise.de made it appear, as if the only news was that with tcp
>> windows, the propability of guessing the right sequence number is not
>> 1:2^32 but something smaller. They said that 64k packets would be
>> enough, so guess what the window will be.
>
> Yes, that is their major discovery. You need to guess the ports
> and source/destination addresses as well, which is why I don't
> consider this such a serious issue personally.
Yes, but it is possible, expecially for long sessions. Also,
data injections is also possible with the same method, because
the receiver accepts everything inside the window, which is
usually 64k. Out of curiosity: in case Linux receives two
packets relative to the same portion of the stream, does it
check if the overlapping data is the same ? It would add extra
security about data injection in case the data has not been
sent to userspace yet.
--
Giuliano.
next prev parent reply other threads:[~2004-04-22 8:23 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-21 15:25 tcp vulnerability? haven't seen anything on it here Chris Friesen
2004-04-21 16:02 ` Richard B. Johnson
2004-04-21 16:25 ` Chris Friesen
2004-04-21 17:03 ` Jörn Engel
2004-04-21 20:20 ` David S. Miller
2004-04-22 0:45 ` James Morris
2004-04-22 5:04 ` Willy Tarreau
2004-04-22 8:23 ` Giuliano Pochini [this message]
2004-04-22 11:35 ` Richard B. Johnson
2004-04-22 13:17 ` Willy Tarreau
2004-04-22 13:42 ` Richard B. Johnson
2004-04-22 14:18 ` Willy Tarreau
2004-04-22 20:25 ` Richard B. Johnson
2004-04-22 21:08 ` Willy Tarreau
2004-04-22 18:28 ` David S. Miller
2004-04-22 13:22 ` jamal
2004-04-22 13:46 ` Giuliano Pochini
2004-04-22 14:27 ` jamal
2004-04-22 14:37 ` alex
2004-04-22 15:17 ` jamal
2004-04-22 15:27 ` alex
2004-04-22 17:38 ` Horst von Brand
2004-04-22 21:15 ` Florian Weimer
2004-04-22 15:42 ` Chris Friesen
2004-04-22 15:47 ` alex
2004-04-23 10:31 ` Florian Weimer
2004-04-22 13:58 ` Florian Weimer
2004-04-23 13:55 ` Florian Weimer
2004-04-23 14:15 ` alex
2004-04-23 14:25 ` jamal
2004-04-22 20:01 ` Ranjeet Shetye
2004-04-22 21:26 ` Sridhar Samudrala
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=XFMail.20040422102359.pochini@shiny.it \
--to=pochini@shiny.it \
--cc=cfriesen@nortelnetworks.com \
--cc=davem@redhat.com \
--cc=joern@wohnheim.fh-wedel.de \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).