BugTraq
A new TCP/IP blind data injection technique? Dec 10 2003 11:28PM
Michal Zalewski (lcamtuf ghettot org) (3 replies)
RE: A new TCP/IP blind data injection technique? Dec 11 2003 04:38PM
David Gillett (gillettdavid fhda edu)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 07:37AM
Nick Cleaton (nick cleaton net) (2 replies)
Breaking the checksum (a new TCP/IP blind data injection technique) Dec 14 2003 02:38PM
Michal Zalewski (lcamtuf ghettot org)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 05:06PM
Valdis Kletnieks vt edu (1 replies)
Re[2]: A new TCP/IP blind data injection technique? Dec 13 2003 09:59AM
Marius Huse Jacobsen (mahuja c2i net)
Re: A new TCP/IP blind data injection technique? Dec 10 2003 11:59PM
Kris Kennaway (kris FreeBSD org) (1 replies)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 05:17PM
Casper Dik (casper holland sun com)

>On Thu, Dec 11, 2003 at 12:28:28AM +0100, Michal Zalewski wrote:
>
>> 2. Random IP ID numbers, a feature of some systems (OpenBSD?), although also
>> risky (increasing reassembly collission probability), make the attack
>> more difficult.
>
>FreeBSD also has the option of randomizing the IP ID.

Solaris uses a different IP ID sequence for each system it
communicates with; you'll need to be able to see the packets
go by (in which case TCP splicing is child's play).

Casper

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus