BugTraq
A new TCP/IP blind data injection technique? Dec 10 2003 11:28PM
Michal Zalewski (lcamtuf ghettot org) (3 replies)
RE: A new TCP/IP blind data injection technique? Dec 11 2003 04:38PM
David Gillett (gillettdavid fhda edu)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 07:37AM
Nick Cleaton (nick cleaton net) (2 replies)
Breaking the checksum (a new TCP/IP blind data injection technique) Dec 14 2003 02:38PM
Michal Zalewski (lcamtuf ghettot org)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 05:06PM
Valdis Kletnieks vt edu (1 replies)
Re[2]: A new TCP/IP blind data injection technique? Dec 13 2003 09:59AM
Marius Huse Jacobsen (mahuja c2i net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Valdis,

Thursday, December 11, 2003, 9:06:26 AM, you wrote:

VKve> However, it's a trivial matter to take the original text, the replacement text,
VKve> and compute an original such that the checksum comes out "the same".

Only this is a scenario where we don't have the "original text". If we
had, we could have just ripped out the sequence numbers and skipped
the whole problem.

As long as we don't know anything of the original data we have to
guess the correct checksum.

Still, 1 of 65535 is a lot better than... what is it, 2**64 ?

- --
Best regards,
Marius mailto:mahuja (at) c2i (dot) net [email concealed]

-----BEGIN PGP SIGNATURE-----

iQA/AwUBP9rjLJfZ2CSWpu1rEQIDnwCeI0wMODSSAJLgob1jSl+IDFw3uWMAoLhM
zR9zJ8TPn/0lOWXgJvBq2lZG
=CvFw
-----END PGP SIGNATURE-----

[ reply ]
Re: A new TCP/IP blind data injection technique? Dec 10 2003 11:59PM
Kris Kennaway (kris FreeBSD org) (1 replies)
Re: A new TCP/IP blind data injection technique? Dec 11 2003 05:17PM
Casper Dik (casper holland sun com)


 

Privacy Statement
Copyright 2010, SecurityFocus