‘Strange Attractors and TCP/IP Sequence Number Analysis (Article review)’

Summary

‘A new paper discusses today’s OSs in the field of guessing the ISN (Initial Sequence Number). This article is highly detailed, and contains a good introduction to the problem, as well as deals with the statistical problem of the ISN generators.’

Credit:

‘The article can be downloaded from:
http://razor.bindview.com/publish/papers/tcpseq.html
A printer friendly version can be downloaded from:
http://razor.bindview.com/publish/papers/tcpseq/print.html
The information has been provided by Michal Zalewski.’


Details

‘The article considers the problem of inserting a malicious packet into a TCP connection, as well as establishing a TCP connection using an address that is legitimately used by another machine. It introduces the notion of a Spoofing Set as a way of describing a generalized attack methodology. The article also discusses a method of constructing Spoofing Sets that is based on Phase Space Analysis and the presence of function attractors. It reviews the major network operating systems relative to this attack.

The goal of this document is to suggest a way of measuring relative network-based sequence number generators quality, which can be used to estimate attack feasibility and analyze underlying PRNG function behavior. This approach can be applied to TCP/IP protocol sequence numbers, DNS query identifiers, session-id generation algorithms in cookie-based authentication schemes, etc. ‘

Categories: News