BugTraq
A new TCP/IP blind data injection technique? Dec 10 2003 11:28PM
Michal Zalewski (lcamtuf ghettot org) (3 replies)
RE: A new TCP/IP blind data injection technique? Dec 11 2003 04:38PM
David Gillett (gillettdavid fhda edu)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 07:37AM
Nick Cleaton (nick cleaton net) (2 replies)
Breaking the checksum (a new TCP/IP blind data injection technique) Dec 14 2003 02:38PM
Michal Zalewski (lcamtuf ghettot org)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 05:06PM
Valdis Kletnieks vt edu (1 replies)
On Thu, 11 Dec 2003 07:37:02 GMT, Nick Cleaton said:

> Even if the attacker knows or controls every other byte in the packet
> and thus controls the checksum before the final 16 bits go in, the final
> checksum is as unpredictable as those 16 bits.

However, it's a trivial matter to take the original text, the replacement text,
and compute an original such that the checksum comes out "the same".

1) Read the RFCs on how to do incremental update of the checksum when decrementing
the TTL - that provides some big hints.

2) Walk across the old and new texts, computing the delta to the checksum.

3) Smash two spare bytes in the new text with the correct delta to make it come out the same.

Remember, it's a checksum, not a hash.

[ reply ]
Re[2]: A new TCP/IP blind data injection technique? Dec 13 2003 09:59AM
Marius Huse Jacobsen (mahuja c2i net)
Re: A new TCP/IP blind data injection technique? Dec 10 2003 11:59PM
Kris Kennaway (kris FreeBSD org) (1 replies)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 05:17PM
Casper Dik (casper holland sun com)


 

Privacy Statement
Copyright 2010, SecurityFocus