Re: predictable IP ID

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 4 Oct 1999 14:26:31 +0100 (BST)


> Predictable IP IDs is not just a question about losing packets because
> attackers can create junk fragments.

Oh not this one again.

The checksum of the tcp header or UDP header covers the entire packet after
reassembly. That means that feeding in a corrupt fragment causes a checksum
failure and packet discard.

The original TCP authors had that one covered. IP sequence space is shorter
than max ttl so all protocols need to be robust against suprise
fragment delivery.

> There are other possible attacks. For example predictable IP IDs can be used
> to completely bypass TCP connection security based on unpredictable TCP sequence

> numbers. Tools exploiting this weakness already exist. See
> http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-1&msg=BUGTRAQ%251999080211573830@LISTS.SECURITYFOCUS.COM
>

This URL has nothing to do with IP sequence guessing. It references some old
unrelated 2.0.3x thing.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/