I read them all.
> The problem isn't related to 2.0.3x - it well applies to 2.3.18 kernel.
> It's a rather fresh idea (I haven't heard about it before this August) about
> TCP spoofing attack based exactly on predictable IP IDs.
It is using a quirk of TCP that allows you to get above/below info out of
some TCP/IP stacks. The correct fix is at the TCP layer. The technique is
unusual and a variant of the approach of spoofing the connection using a public
and open SNMP router table.
You fix it by removing the real problem - the fact you can use TCP reply as an
oracle for predicting sequence space in linux 2.0. This also fixes the
traffic analysis variation where access to an IPSEC tunnel lets you pull
the same trick by just looking to see if there are packets with roughly the
same timing as your unencrypted spoofed SYN's
On a fast link btw you can use packet delay timing to achieve the same thing
So I think a 3 line tcp tweak beats an AVL tree.
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/