lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040420225925.2A32.0@argo.troja.mff.cuni.cz>
From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky)
Subject: Core Internet Vulnerable - News at 11:00

On Tue, 20 Apr 2004, Michal Zalewski wrote:

> That said, kudos to Watson: it is definitely good to see this problem
> being finally discussed in broad daylight; I think it would be good to see
> some kludges intended to mitigate it a bit.

Data injection may be thwarted by TCP timestamps (RFC 1323). Timestamps
are 32-bits long and received echoed timestamps must correspond to
(recently) sent timestamps. The exact implementation would probably be
somewhat tricky but I think it might be able to extend the "effective
sequence number" by at least 16 bits.

A spoofed "timestamp-less" SYN or SYN-ACK packet during the initial 3-way
handshake might prevent the use of TCP timestamps but an attacker would
have to guess full 32 bits of an ISN (or of two ISNs in the SYN-ACK case).

Unfortunately timestamps won't help against spoofed RST packets because
existing TCP implementations are supposed not to send them in RST
packets.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ