RE: Details on TCP sequence numbers (RE: C API: minor comments)
- To: 'Harald Tveit Alvestrand' <Harald@Alvestrand.no>, "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>, "'Kurt D. Zeilenga'" <kurt@boolean.net>, Mark Wahl <M.Wahl@INNOSOFT.COM>
- Subject: RE: Details on TCP sequence numbers (RE: C API: minor comments)
- From: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>
- Date: Tue, 16 Nov 1999 09:49:34 -0800
- Cc: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>, mcs@netscape.com, howes@yahoo.com, "Andy Herron (Exchange)" <andyhe@Exchange.Microsoft.com>, "Anoop Anantha (Exchange)" <anoopa@Exchange.Microsoft.com>, kurt@OpenLDAP.Org, ietf-ldapext@netscape.com
- Resent-date: Tue, 16 Nov 1999 09:50:16 -0800 (PST)
- Resent-from: ietf-ldapext@netscape.com
- Resent-message-id: <"r5kmPD.A.7BD.NlZM4"@glacier>
- Resent-sender: ietf-ldapext-request@netscape.com
As I said before, I was concerned in the LDAP/UDP case -- not yet a standard, but there was support for progressing it at the last IETF.
In that case, and for anonymous access, and assuming that the attacker has a good idea what requests are going to look like, then it is possible to inject bogus responses, or even bogus requests, without being able to see the traffic. The TCP example was intended to be analogous, not identical -- I was using it as an illustration of the technique -- clearly attackers have a much better idea of what SYN packets look like than what the first LDAP request will look like.
Using random initial sequence numbers seems a small price to pay to avoid worries. It is very hard to predict the consequences of having such a vulnerability.
Paul