|
From: | psheer |
Subject: | [lwip-users] [lwip] TCP sequence number attacks |
Date: | Wed, 08 Jan 2003 23:23:55 -0000 |
check out this article: http://slashdot.org/articles/02/06/30/1334233.shtml?tid=172 u32_t tcp_next_iss(void) { +#ifdef __PAULOS__ + return random(); /* XXX indeed! - */ +/* See http://razor.bindview.com/publish/papers/tcpseq.html */ +#else static u32_t iss = 6510; iss += tcp_ticks; /* XXX */ return iss; +#endif } note that PaulOS random() is cryptographically secure. not true of most other OS's -paul --------------------------------------------- This message was sent using World Mail. http://www.worldonline.co.za [This message was sent through the lwip discussion list.]
[Prev in Thread] | Current Thread | [Next in Thread] |