[lwip-users] [lwip] TCP sequence number attacks

lwip-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] [lwip] TCP sequence number attacks

From:	psheer
Subject:	[lwip-users] [lwip] TCP sequence number attacks
Date:	Wed, 08 Jan 2003 23:23:55 -0000

check out this article:

http://slashdot.org/articles/02/06/30/1334233.shtml?tid=172


 u32_t
 tcp_next_iss(void)
 {
+#ifdef __PAULOS__
+  return random();     /* XXX indeed! - */
+/* See http://razor.bindview.com/publish/papers/tcpseq.html */
+#else
   static u32_t iss = 6510;
   
   iss += tcp_ticks;       /* XXX */
   return iss;
+#endif
 }
 
note that PaulOS random() is cryptographically secure.
not true of most other OS's

-paul



---------------------------------------------
This message was sent using World Mail.
http://www.worldonline.co.za


[This message was sent through the lwip discussion list.]

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-users] [lwip] TCP sequence number attacks, psheer, 2003/01/08
- [lwip-users] [lwip] TCP sequence number attacks, psheer <=

Prev by Date: [lwip-users] Re: Re: [lwip] The future of lwIP
Next by Date: [lwip-users] [lwip] javadoc / doxygen
Previous by thread: [lwip-users] [lwip] TCP sequence number attacks
Next by thread: [lwip-users] [lwip] How to get speedy results for large data xfers
Index(es):
- Date
- Thread