Re: predictable IP ID

Savochkin Andrey Vladimirovich (saw@msu.ru)
Mon, 4 Oct 1999 17:51:28 +0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ian Soboroff: "Makefile could check gcc version?"
Previous message: Ted Gervais: "Oooops! %$"
In reply to: Ian Soboroff: "Makefile could check gcc version?"

On Mon, Oct 04, 1999 at 02:26:31PM +0100, Alan Cox wrote:
> > Predictable IP IDs is not just a question about losing packets because
> > attackers can create junk fragments.
>
> Oh not this one again.
>
> The checksum of the tcp header or UDP header covers the entire packet after
> reassembly. That means that feeding in a corrupt fragment causes a checksum
> failure and packet discard.
>
> The original TCP authors had that one covered. IP sequence space is shorter
> than max ttl so all protocols need to be robust against suprise
> fragment delivery.

Alan, I completely understand this issue. I'm not so ignorant ;-)
And attacks on the defragmentation process WAS NOT a reason to write the patch.

> > numbers. Tools exploiting this weakness already exist. See
> > http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-1&msg=BUGTRAQ%251999080211573830@LISTS.SECURITYFOCUS.COM
> >
>
> This URL has nothing to do with IP sequence guessing. It references some old
> unrelated 2.0.3x thing.

I suppose you haven't read all the detals.
The problem isn't related to 2.0.3x - it well applies to 2.3.18 kernel.
It's a rather fresh idea (I haven't heard about it before this August) about
TCP spoofing attack based exactly on predictable IP IDs.

Best regards
Andrey

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ian Soboroff: "Makefile could check gcc version?"
Previous message: Ted Gervais: "Oooops! %$"
In reply to: Ian Soboroff: "Makefile could check gcc version?"