Re: tcp vulnerability? haven't seen anything on it here...

From: Richard B. Johnson
Date: Thu Apr 22 2004 - 06:36:38 EST

On Thu, 22 Apr 2004, Giuliano Pochini wrote:

> On 21-Apr-2004 David S. Miller wrote:
> > On Wed, 21 Apr 2004 19:03:40 +0200
> > Jörn Engel <joern@xxxxxxxxxxxxxxxxxxxx> wrote:
> >
> >> made it appear, as if the only news was that with tcp
> >> windows, the probability of guessing the right sequence number is not
> >> 1:2^32 but something smaller. They said that 64k packets would be
> >> enough, so guess what the window will be.
> >
> > Yes, that is their major discovery. You need to guess the ports
> > and source/destination addresses as well, which is why I don't
> > consider this such a serious issue personally.
> Yes, but it is possible, especially for long sessions. Also,
> data injection is also possible with the same method, because
> the receiver accepts everything inside the window, which is
> usually 64k. Out of curiosity: in case Linux receives two
> packets relative to the same portion of the stream, does it
> check if the overlapping data is the same? It would add extra
> security about data injection in case the data has not been
> sent to userspace yet.

Has anybody checked to see what Linux does if it receives a
RST to the broadcast address? It would be a shame if all
connections were dropped!

Dick Johnson
Penguin : Linux version 2.4.26 on an i686 machine (5557.45 BogoMips).
Note 96.31% of all statistics are fiction.

