
RE: Details on TCP sequence numbers (RE: C API: minor comments)




As I said before, I was concerned in the LDAP/UDP case -- not yet a standard, but there was support for progressing it at the last IETF.

In that case, and for anonymous access, and assuming that the attacker has a good idea what requests are going to look like, then it is possible to inject bogus responses, or even bogus requests, without being able to see the traffic. The TCP example was intended to be analogous, not identical -- I was using it as an illustration of the technique -- clearly attackers have a much better idea of what SYN packets look like than what the first LDAP request will look like.

Using random initial sequence numbers seems a small price to pay to avoid worries. It is very hard to predict the consequences of having such a vulnerability.

Paul
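
An added example, not part of the message above and not code from any LDAP library: a client-side sketch of why a random initial value matters when responses arrive over UDP. It assumes the "sequence number" in question is the LDAP message ID, and every name in it (`msgid_ctx`, `ctx_init`, `send_request`, `accept_response`) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PENDING 16
#define MSGID_MASK  0x7fffffffu  /* LDAP messageID is 0..2^31-1 */

struct msgid_ctx {
    uint32_t next;                  /* next ID to hand out */
    uint32_t pending[MAX_PENDING];  /* outstanding request IDs; 0 = free slot */
};

/* ID 0 is reserved in LDAP for unsolicited notifications, so skip it. */
static uint32_t nonzero(uint32_t v) { v &= MSGID_MASK; return v ? v : 1; }

/* randomize=0 is the predictable form: every session starts at ID 1.
 * randomize=1 draws the initial ID from the OS CSPRNG. Returns 0 or -1. */
int ctx_init(struct msgid_ctx *c, int randomize) {
    uint32_t r = 1;
    if (randomize) {
        FILE *f = fopen("/dev/urandom", "rb");
        if (!f) return -1;
        size_t n = fread(&r, sizeof r, 1, f);
        fclose(f);
        if (n != 1) return -1;
    }
    memset(c, 0, sizeof *c);
    c->next = nonzero(r);
    return 0;
}

/* Record an outgoing request; returns its ID, or -1 if the table is full. */
int64_t send_request(struct msgid_ctx *c) {
    for (int i = 0; i < MAX_PENDING; i++) {
        if (c->pending[i] != 0) continue;
        c->pending[i] = c->next;
        c->next = nonzero(c->next + 1);
        return c->pending[i];
    }
    return -1;
}

/* Accept a response only if its ID matches an outstanding request. */
int accept_response(struct msgid_ctx *c, uint32_t id) {
    for (int i = 0; id != 0 && i < MAX_PENDING; i++) {
        if (c->pending[i] == id) { c->pending[i] = 0; return 1; }
    }
    return 0;
}
```

With `randomize=0` a response carrying ID 1 always matches the first request, so a sender who cannot see the traffic can still get a datagram accepted; with `randomize=1` the same sender has to hit one value out of roughly 2^31.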