FreeBSD syncookies TCP Initial Sequence Number Weakness

The FreeBSD implementation of syncookies is prone to brute-force attacks because the generated keys are 32 bits in length.

It is possible to generate valid ISN keys using a compromised syncookie. This may allow an attacker to spoof TCP connections, which may in turn be used to bypass IP-based access control lists.

Other attacks, including denial of service attacks, are also possible.


 

Copyright 2010, SecurityFocus