[lwip-users] Re: [lwip] TCP sequence number attacks

[Adam Dunkels]

Hi!

The TCP sequence number prediction vulnerability has been known for some
time now (see for example RFC1948 from May 1996) and lwIP definately
isn't very good at providing protection against it. The problems it can
cause is that programs that use the IP address for authentication can in
some cases be fooled and there are some possibilities for DoS attacks.

The right way to solve it isn't just to do iss = random(), though. I
don't remember the exact way to do it (RFC1948 has an algorithm).

How do you provide cryptographicly secure randomness by the way?

/adam

On Tue, 2002-07-02 at 17:14, address@hidden wrote:
> 
> check out this article:
> 
> http://slashdot.org/articles/02/06/30/1334233.shtml?tid=172
> 
> 
>  u32_t
>  tcp_next_iss(void)
>  {
> +#ifdef __PAULOS__
> +  return random();   /* XXX indeed! - */
> +/* See http://razor.bindview.com/publish/papers/tcpseq.html */
> +#else
>    static u32_t iss = 6510;
>    
>    iss += tcp_ticks;       /* XXX */
>    return iss;
> +#endif
>  }
>  
> note that PaulOS random() is cryptographically secure.
> not true of most other OS's
> 
> -paul
> 
> 
> 
> ---------------------------------------------
> This message was sent using World Mail.
> http://www.worldonline.co.za
> 
> 
> [This message was sent through the lwip discussion list.]
-- 
Adam Dunkels <address@hidden>
http://www.dunkels.com/adam/

[This message was sent through the lwip discussion list.]