
RE: Details on TCP sequence numbers (RE: C API: minor comments)



At 09:49 16.11.99 -0800, Paul Leach (Exchange) wrote:

As I said before, I was concerned in the LDAP/UDP case -- not yet a standard, but there was support for progressing it at the last IETF.

In that case, and for anonymous access, and assuming that the attacker has a good idea what requests are going to look like, then it is possible to inject bogus responses, or even bogus requests, without being able to see the traffic. The TCP example was intended to be analogous, not identical -- I was using it as an illustration of the technique -- clearly attackers have a much better idea of what SYN packets look like than what the first LDAP request will look like.

Assuming that there will be no authentication in CLDAP, and that it will be used to access or change non-public information?


Using random initial sequence numbers seems a small price to pay to avoid worries. It is very hard to predict the consequences of having such a vulnerability.

For unauthenticated CLDAP - yes.

I still say it does not matter in the present batch of specs.

                      Harald

--
Harald Tveit Alvestrand, Maxware, Norway
Harald.Alvestrand@maxware.no
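
The point debated in this thread, as an added example that is not part of the original messages: a client for an unauthenticated datagram protocol that accepts a reply only when it carries the ID of an outstanding request, with sequential and random ID allocation side by side. The names `PendingRequests` and `blind_guess_accepted` are hypothetical, and the server address is a constructed documentation address.

```python
import secrets

MAX_ID = 2**31 - 1  # upper bound of the LDAP messageID field (maxInt in RFC 2251)


class PendingRequests:
    """Tracks outstanding datagram requests; accepts only matching replies."""

    def __init__(self, random_ids=True):
        self.random_ids = random_ids
        self._next = 1
        self._pending = {}  # message ID -> server the request was sent to

    def send(self, server):
        """Allocate an ID for a new request and remember where it went."""
        if self.random_ids:
            msg_id = secrets.randbelow(MAX_ID) + 1  # CSPRNG, not random.random()
            while msg_id in self._pending:
                msg_id = secrets.randbelow(MAX_ID) + 1
        else:
            msg_id = self._next  # predictable: 1, 2, 3, ...
            self._next += 1
        self._pending[msg_id] = server
        return msg_id

    def accept(self, msg_id, source):
        """True only for the first reply whose ID and source match a request."""
        if self._pending.get(msg_id) != source:
            return False
        del self._pending[msg_id]  # a second copy of the reply is rejected
        return True


def blind_guess_accepted(random_ids, guesses):
    """Constructed scenario: a sender that cannot see the traffic but knows the
    server address (a UDP source address is not proof of origin) tries IDs."""
    server = ("192.0.2.10", 389)  # constructed sample address
    client = PendingRequests(random_ids)
    client.send(server)
    return any(client.accept(g, server) for g in guesses)


if __name__ == "__main__":
    print("sequential IDs, 3 guesses:", blind_guess_accepted(False, range(1, 4)))
    print("random IDs, 3 guesses:   ", blind_guess_accepted(True, range(1, 4)))
```

With random allocation each blind guess matches with probability of about 1 in 2^31, so the check raises the cost of off-path injection but does not replace authentication of the responses.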