TCP/IP Sequence Number Analysis 229
johnwbyrd writes "Upon connection via TCP/IP to a host, the host generates an Initial Sequence Number (ISN). It's important to design ISN generation sequences so remote attackers can't predict an ISN (this is called a "blind spoofing" attack). Using phase space analysis you can check the quality of ISNs generated on various OSes. Windows 98's graph is quite pretty."
google cache (Score:2, Informative)
Here is an (almost) complete Mirror. (Score:4, Informative)
Im missing 3 images... for now...
Must be Sunday (Score:2, Informative)
Plus, various folks were using this on big IRC networks after that, but still many years ago.
That "emmanuel-" in #2600 that says he gave the subscription list to the FBI and ran over Walter was a spoof. So was billg in #windows95. That's just the tip of the iceberg.
Everything old is new again.
old news (Score:1, Informative)
Hmm. (Score:1)
The first is easy, the second likey, the third less likely, and so on. Spoofing a long conversation would be very difficult, if not practically impossible.
Re:Hmm. (Score:3, Insightful)
Food for thought.
Re:Hmm. (Score:2)
He was not talking about telnet. He was clearly talking about rsh, as that is a protocol that uses the source IP address for authentication and allows a command to be run. Telnet does not authenticate based on source IP address.
, and if you try to spoof ssh you will have to spoof the crypto as well, which is not feasible (unless it's SSLv1).
This is irrelevant, as he was demonstrating the fact that any obstacles to carrying on a long spoofed connection in no way lessen the risks.
Your response, while containing some minimal level of technical accuracy, is a complete non sequitur.
Re:Hmm. (Score:3, Informative)
that's why you don't run any services that depend on the IP layer for authentication.
Re:Hmm. (Score:2)
No. You are completely and totally wrong. The only hard part is predicting the initial sequence number. For each successive packet, the only problem is guessing how much data was sent so that you can ack it and not end up closing the window. In practice, this is easy, as the amount of data that was sent should be predictable within a narrow range, and it is safe to send multiple guesses.
For those wondering how insecure Microsoft is ... (Score:1, Informative)
Attack feasibility: 97.00%
Operating system: Windows 98 SE
Attack feasibility: 100.00%
Operating system: Windows 95
Attack feasibility: 100.00%
Comment removed (Score:5, Insightful)
Re:For those wondering how insecure Microsoft is . (Score:2, Informative)
well, to be honest, it's not the most uptodate thing in the world. the freebsd tested was 4.2. and there have been significant improvements in tcp sequencing since then (being as we're at 4.6 now) and there is even a kernel compilation flag for random sequences.
so it's probably a year out of date, don't feel so singled out
dave
Re:For those wondering how insecure Microsoft is . (Score:1)
And it does, really! (Although I think Cisco IOS 12.0 makes an even prettyer one).
Relax Bill, we're not out to get you....
Re:For those wondering how insecure Microsoft is . (Score:5, Interesting)
You mean, like this improvement?
Seriously, the post was entitled "for those wondering how insecure Microsoft is", not "for those wondering how Microsoft stacks up against other systems" which, as you point out, would indicate that consumer OSes are pathetic, while 'professional' OSes like NT and 2000 are making modest improvements, and that while the *BSDs are pretty good, and GNU/Linux quite good, there are plenty of older UNIX implimentations that were quite poor, and even pathetic, as well, not to mention CISCO, which makes up much of the internet backbone.
But, since Microsoft is conducting a wholesale attack on our very freedom of choice through it Palladium and DRM efforts, pointing out additional, purely technical reasons for moving away from Microsoft to *BSD and GNU/Linux alternatives and thereby protecting your security as well as your freedom isn't such an ignoble thing to be doing at all.
Re:For those wondering how insecure Microsoft is . (Score:2)
I'm not usually a paranoid "MS wants to rule the world type" but this is a little too convenient a coincidence to ignore.
Re:For those wondering how insecure Microsoft is . (Score:5, Insightful)
The data that was studied for the last two or three years was collected prior to the study commencing, i.e. at least two or three years ago. If you'd bothered to read the paper, you would have noticed that the versions of *BSD and Linux being compared are equally as old (kernel 2.2.x of Linux, for example).
When you conduct a scientific study (not to be confused with the marketing drivel often sold as science and frequently purchased by the likes of Microsoft, and just as frequently disgraced and utterly rebutted a few days later by the scientific community) you collect the data, then you analize the data and draw conclusions from that data. All of that takes time, so any rigorous study conducted is going to be working with data collected at some time in the past.
[opinion]
I'm sure a study will come out showing the appalling weaknesses of Windows XP, but such a study will likely be reviled by Microsoft enthusiasts because, by the time the rigorous work is done, there will be some newer, even more invasive and buggy release of Windows out. That will not, however, make the study any less valid or accurate, any more than it would the study conducted here.
[/opinion]
Re:For those wondering how insecure Microsoft is . (Score:4, Insightful)
Maybe because lots of people are still using Win98 - for economic reasons, because of a need to support old software needed to access critical data, or because considering microsoft's track record so far we tend to assume that in a few years it will be discovered that XP has even worse holes... Or people just don't like WPA, and assume that it's a future revenue enhancement tool - in a few years when MS has a replacement for XP on the market, their site for XP WPA might suddenly have all sorts of problems until people start giving up and buying a new OS when their systems crash and have to be reloaded.
I agree, comparing Win98 to server OS's like BSD isn't fair - there should be two separate comparisons, desktop to desktop and server to server. I gather that in server software, Win2K isn't bad in comparison to other commercial server products, but the OSS products (Linux and BSD) are far better. So Microsoft's bellyaching about OSS being insecure is proven wrong. (And if Linux has improved that much in the last 4 years, it's another indication that when security becomes important, open source can improve much faster than closed.)
As for comparing desktop to desktop, it's hard to arrange a comparison that everyone would agree is fair. First off, you don't exactly have competing desktop OS's - you have MS which writes desktop OS's and tries to upgrade them to run servers later, and you've got everything else (since Mac OS 9), which are *nix server OS's downgraded to run a desktop. It's something for MS to whine about when they lose. Anyhow, MS's latest desktop (XP Home) might have acquired a good sequence randomizer to plug this one hole, but the default installation apparently opens up a lot of others. I wonder how many other utterly brain-dead decisions like allowing Plug-n-Play to work across the network are not yet revealed...
Re:For those wondering how insecure Microsoft is . (Score:1)
So your saying when they ganked the FreeBSD network stack w/o even a tip of the hat, they improved thier non-existant security?
Wow, who'da thunk.
Re:For those wondering how insecure Microsoft is . (Score:2)
Actually this is a case of "You Get What You Don't Pay For" -
HPUX, Windows and AIX are all expensive and suck.
Linux, OpenBSD, FreeBSD are all free and work wonderfully.
So in this case, your level of protection is determined by your inteligence and not by the amount of money you sepend.
That's strange (Score:2, Insightful)
I wonder how it came to be that you didn't publish the only meaningful indications of Microsoft's security? Oh, I know. It's because they are about 1/6th as bad as the outdated versions you impartially decided to cite.
Re:That's strange (Score:1)
It Is Called Research, and it Takes Time (Score:5, Insightful)
That may be, but probably isn't, true.
If you read the article carefully you'll notice that the versions of *BSD and the Linux kernel (2.2.x) are also outdated. This isn't some neferious plot to diss Microsoft (hell, that isn't all that hard to do with cold, hard, factual data in the first place, so there is no need for anyone to cook the data, least of all this study), it is a result of the fact that research and study take time.
I'm sure if the author had looked at Linux 2.4.x and current versions of the BSDs the results would have been significantly better (Mac OS X as well, being a BSD derivative).
As for whether or not the various Windows versions would have been better, that is an assumption we really cannot make. Not for any prejudicial reasons, but because historically they generally haven't always improved, and indeed on at least one occasion (95->98) got considerably worse. We can hope that the security of Windows 2k has improved since then, but there is no real historical precendence to support that hope, in contrast with most other competitors products including the BSDs and Linux products cited here.
The comparison was fair: it was a snapshot of the state of the art taken a couple of years ago, then studied and analized in detail over those past two years. This is how every study that bases itself on factual research works, as opposed to corporate marketing drivel purchased to look like research, as has come from the Microsoft camp on numerous occasions in the last couple of years, and has in every case been thoroughly, and utterly obliterated in public rebuttal.
They're not outdated, they're last year's :-) (Score:2)
Re:For those wondering how insecure Microsoft is . (Score:2)
Only a use of this attack is to get around IP filters, or to hide the origin of a communication.
And you can't receive data.
So attack is feasible.. but not that useful.
Re:For those wondering how insecure Microsoft is . (Score:2)
Re:For those wondering how insecure Microsoft is . (Score:2)
yes, there are situations where you can do something nasty with it.. but they are rather specific ones, and rely on using unsecure protocols anyway.
TCP was not designed to be secure. It was designed to get packets reassembled in order, and to be able to dynamically change it's transmission properties to deal with congestion.
mirror (Score:2, Informative)
Re:mirror (Score:2, Informative)
The mess up the URLS too much.
http://galacticroot.dyndns.org/mirrors/tcpseq/tcp
Re:mirror (Score:2)
Images at the Wayback Machine. (Score:4, Informative)
http://web.archive.org/web/20010605044549/http:/
http://web.archive.org/web/20010605064823/http:/
http://web.archive.org/web/20010605040907/http:/
http://web.archive.org/web/20010605070134/http:/
http://web.archive.org/web/20010824220456/http:/
http://web.archive.org/web/20010605051434/http:/
http://web.archive.org/web/20010828165152/http:
http://web.archive.org/web/20010604211355/http:/
http://web.archive.org/web/20010605052241/http
http://web.archive.org/web/20010605050747/http
http://web.archive.org/web/20010605064736/http
http://web.archive.org/web/20010605061712/http:
http://web.archive.org/web/20010605044904/http:
http://web.archive.org/web/20010605041254/http:
http://web.archive.org/web/20010605054335/http:/
http://web.archive.org/web/20010605061755/http
http://web.archive.org/web/20010605060741/http:
http://web.archive.org/web/20010605051819/http:
http://web.archive.org/web/20010605053140/http:
Remove the spaces, copy-and-paste. We don't want to take the Internet Archive down, as well.
These pictures look familiar. (Score:2)
Re:These pictures look familiar. (Score:2, Informative)
Here's the first bit (Score:1, Funny)
Table of Contents:
0. Abstract
1. Introduction
1.1 TCP Sequence generation and PRNGs
1.2 Spoofing Sets
2. Phase Space Analysis, Attractors and ISN Guessing
2.1 Introduction to Phase Space Analysis
2.2 Using Attractors for Spoofing Set Construction
2.3 Real-Life Attack Algorithms
3. Review of Operating Systems
3.1 Linux
3.2 Windows
3.3 Cisco IOS
3.4 AIX
3.5 FreeBSD and NetBSD
3.6 OpenBSD
3.7 HP/UX
3.8 Solaris
3.9 BSDI
3.10 IRIX
3.11 MacOS
3.12 Multiple Network Devices
3.13 Other PRNG issues
4. Risk Analysis
5. Conclusions
6. References
7. Credits
Appendix A: Phase Space Images of Known Generating Functions
Hopefully now only people who want to read it will click on the link!
Re:Here's the first bit (Score:2)
This is propellor head stuff, but it is not overly technical.
This guy is basically plotting pseudo random number sequences so that a human could look for patterns. Computers can not be trusted to find patterns in all circumstances, whereas a visual pattern can easily stand out to human eyes. Of course, there would be patterns that a human could not detect that would require a computer to find (witness MP3). The question is, how do you plot 32bit numbers which pretty much represent 1 dimensional data of very wide proportions between low and high values?
Break the 32bit numbers up into smaller parts to be viewed as points in 3D space!
I have been interested in LFSR (Linear Feedback Shift Register) PRNG's for a few years, starting out designing them in hardware and then finding out through reading Bruce Schneiers "Applied Cryptography", that I was actually onto something.
I wanted to view my streams broken up into 2D dots as postscript to find patterns that showed weak (and thus the possibly strong) LFSR designs in the hope that I may find some high quality designs that have astronomical stream lengths before repetition.
Though I wonder if 2D would be as good as 3D for finding patterns. It seems being able to rotate the sampled data in real time would be better for finding a pattern that can be missed with a single 2D picture. Or is this the authors way to simply represent very high resolution numbers on relatively low resolution screens?
I have also been thinking of plotting streams to 2D images which I would then blur to greyscale to search for patches of light and dark to show low quality designs and save designs that show the best uniform shade of grey as possible candidates to be considered strong and thus used in designs that make up multiple hashed LFSR designs that provide stream lengths greater than the bit depth of the output itself.
It's not technical if you are really into it. ; )
Not a new problem (Score:3, Interesting)
Which would provide somewhat random ISNs. What we are seeing here is the fact that compuers today are faster than they where twenty years ago, and thus better random (or psuedo-random) ISN generators are needed. Still it's nice to see vendors getting called out on bad implementations.
Re:Not a new problem (Score:2)
This means that even if the underlying random number generator is very poor or not random at all an attacker will not be able to guess your sequence numbers for spoofing attacks. You will still be able to easily guess *your own* ISNs for subsequent connections so the system will appear to be vulnerable in tests like the one in this article. Some of the systems with poor 'attack feasibility' ratings in the article may in fact implement this mechanism.
Re:Not a new problem (Score:2)
Ehmm. No. They found exactly that in Solaris, and reported the issue.
Roger.
old news! (Score:1)
More recent results? (Score:3, Interesting)
It might be useful if it was up to date, however as it stands most of the OSes listed there have had non-trivial revisions and new releases since then: WinXP isn't mentioned; Linux testing is limited to some version of 2.2, with no mention of 2.4; it refers to OpenBSD 2.9 coming out "soon" (3.1 is now available); OS X has had many major improvements since its first release; etc.
Re:More recent results? (Score:2)
For me, although the problem is very old, anyone without a good understanding of statistical analysis won't understand why some semi-random ISN generators are better than other semi-random ISN generators.
By applying this particular visualization scheme, they help to make it clearer. If you're lucky enough to find one of the mirrors where the images are visible, the difference between Linux 2.2 and IRIX is phenomenal. The "nodes" (areas of high spot density) on the IRIX plot clearly show places where guessing ISNs will be more productive. The Linux 2.2 plot just looks like a big fuzzy cloud, slightly more dense in the center. Some of the other plots show interesting patterns like dense squares-within-a-cloud or a small number of very dense nodes.
Possibly the most interesting part, however, is how something like Cisco IOS looks kind of like Windows 98. They "look" similar even though the statistics given (attack feasibility, etc.) are vastly different.
I think the news is in the visualization methods, not in the problem or the solution. As you noted, those are nothing new.
Re:More recent results? (Score:2)
Unfortunately, even though this paper is somewhat old, many of the operating systems mentioned in it are still running and connected to the Internet.
Besides, if the engineers at some company (SGI, MS, IBM) didn't previous think ISN prediction was a problem a couple years ago, they it is not likely they think it is a problem today.
The BSD's (Score:3, Insightful)
What really suprised me in this article is that some of the commercial unices were so poor in their implementation. Solaris was only secured after tweaking, Mac OS X, while not 100% attackable, still wasn't much better. Same for IRIX and AIX. I didn't notice version numbers however, does anyone know if the state has changed for newer version of IRIX? It was also disappointing the the 2.2 series kernel was used - have things changed in 2.4? If not, is there work being done in 2.5/6 ?
And if anyone has ANY insight as to why Window98 is much worse than windows95 I'd love to hear it.
Not recently rewritten. (Score:3, Insightful)
Didn't you question anything when they said 2.2.1x, or OpenBSD 2.8 was "recent"? No? OpenBSD 3.1 is the most recently released one. They've had this for quite a few releases now (didn't you also notice that OpenSSH's default root problem affected OpenBSD 2.9-3.1?). They also had *no* data for Linux 2.4, or Windows XP.
Don't believe me? Scroll down to the bottom of the page where it mentions it was last updated in April 2001.
Re:Read the story: OpenBSD failed the test (Score:1)
Re:The BSD's (Score:2)
A system with a hole, is not vulnerable until someone discovers that hole.
No intrusions were announced before ISS found the hole, if they were it would mean that ISS was not the first to find it and it would have been patched before the ISS discovery also.
So at the end of the day, the default OpenBSD install had a hole, but was not vulnerable because Theo warned people vaguely how to temporarily fix the hole until the full patch was released. So ultimately, no default OpenBSD install was vulnerable that was kept up to date with security patches. If Theo was specific, he would have put a spotlight on 500 lines of OpenSSH code out of 27,000. Which would have led to a quick exploit.
Cancer can be cured, but without a cure for cancer or knowing how to cure cancer can you cure it?
Hit them. Hard. (Score:1, Flamebait)
The author should be hit with a stick.
Hard.
Several times.
There is a standard definition for an attractor in mathematics.
If the author wants to use mathematics, then he should use the well-agreed mathematical definitions and not vague pseudo-mathematical babble.
And yes, I am a mathematician.
What they basically do is to guess the (internal) dimension of the system and trying to get non-trivial attracting set out of it. It's a rather trivial fact that if you get both things right, you can attack the PRNG. However, a decent PRNG won't have any non-trivial attractors.
Re:Hit them. Hard. (Score:3, Insightful)
But I am a statistician, and about the "vague pseudomathematical babble":
Sometimes, when you're presenting stuff to nonspecialists, you need to be a little more vague and pseudomathematical for people to understand. Sometimes it's more important for 100% of the people to get a 80% valid understanding of something than 20% to get a 100% valid understanding. I think it's more accurate in this regard to describe many vague mathematical generalizations as "quasimathematical".
Just being a little vague is ok or even necessary sometimes. The problem with always using "well-agreed mathematical definitions" is that not everybody understands them. There are, however, some who might understand the gist of the argument, and sometimes it's more important to get that across.
Maybe you're of the opinion that we shouldn't explain math to people who don't understand every bit of it known to mankind. I don't believe, though, that people who try to make math a bit more accessible should be "hit hard". On the contrary--they should be encouraged. People pursue things, after all, because they're interested in it, and often, we're interested in the things that are novel to us.
Again, I don't really know enough about it. Maybe this guy was completely incorrect. But quasimathematical babble isn't always bad.
Re:Hit them. Hard. (Score:2)
The problem with always using "well-agreed mathematical definitions" is that not everybody understands them.
And not everybody agrees as to exactly what those "well-agreed" mathematical definitions should be. They do tend to get pretty well sorted out over time, but it does take time and effort.
Continuity is usually defined in terms of epsilons and deltas, valid enough in metric spaces, but the concept itself is valid for non-metrizable spaces which do not have distance functions. Is point-set topology a prerequisite for freshman calculus?
Is measure theory a prerequisite for statistics? Ever wanted to work with both discrete and continuous statistics at the same time?
Re:Hit them. Hard. (Score:2)
That may be, but I'm the proud owner of a brain, and my brain can out-think your card any day.
Comparison is the goal.... (Score:1)
The goal of the article is to compare how vulnerable various current operating systems are to this type of spoofed ISN attack. It discusses phase space analysis as a worthy means of doing this, and then the article presents handy feasibility charts and pretty pictures.
So please, let's have no more posts discussing how this attack is really old, man. I think most people here know this already.
This Article has Everything (Score:2, Funny)
"OMG Someone can guess the ISN number, We are all on our way to destruction"
2. Geekiness
"Wtf is an ISN number"
3. M$ Bashing (Note the $ $ign it means I dissaprove of Microsofts Money Grubbing Ways (TM) [OMG another funny!!])
PDF Mirror... (Score:1)
hardcode
--
It's 106 light-years to Chicago, we've got a full chamber of anti-matter,
a half a pack of cigarettes, it's dark, and we're wearing visors. Engage.
- Paul Tomblin in asr
Re:PDF Mirror... (Score:1)
hardcode
--
I am become Typo, destroyer of words.
That makes sense (Score:2, Funny)
They manage to build bio-humanoid robots, but they can't write a decent random function. Go figure...
Time delay... (Score:2, Informative)
Just because the dynamics look like a cloudy haze in R3 doesn't mean they do in R8.
MJC
Is that a borg cube? (Win98 Graph) (Score:3, Funny)
OLD AND SILLY (Score:2)
If you don't configure this 'trust' relationship based on IP address alone, this is not an issue.
Example: SSH allows one machine to trust another, but requires that the trusted machine be at the right IP addresss AND posess the correct private key or keys - so no issue.
Any one who, in this time, configures a machine to trust another, based solely on the IP address in the frames received, is crazy. It's a very unwise practice.
Re:OLD AND SILLY (Score:2)
Let's say the next time you load up thinkgeek.com and buy some overpriced gadget, your machine gets a spoofed ip during the DNS query, and instead of talking to thinkgeek.com you pass through some web proxy that harvests your credit card number and personal info (perhaps you fail to notice the lack of https:// this time). Of course, your thinkgeek order proxies right through to thinkgeek.com properly by the spoofed machine, then your local DNS cache expires and there's no trace of what happened.
Re:OLD AND SILLY (Score:2)
And if you order something online w/o verifying HTTPS, you're a moron. Plain and simple. If you *were* DNS spoofed, hopefully your browser would issue a warning that the Cert was invalid.
DNS has its problems, yes...But they have nothing to do with ISNs.
Re:OLD AND SILLY (Score:2)
You are missing the point altogether. DNS is completely outside the scope of this issue.
Re:OLD AND SILLY (Score:2)
Re:OLD AND SILLY (Score:2)
no, this was to Q2Serpent.
Re:OLD AND SILLY (Score:2)
Only DNS transactions that happen over TCP are zone transfers.
Re:OLD AND SILLY (Score:2)
Browsers can only go *so* far with something like this - the end-user has to be educated enough to understand the realm in which they're working and the implications of their actions.
sedawkgrep
Re:OLD AND SILLY (Score:2)
You let Alice telnet into Bob's machine and do enough that she's had time to enter her password. You then DoS Alice into next week while sending telnet packets to Bob that will create some sort of hole for you to come through later.
Bob sends the responses to Alice but she doesn't see them because she's flooded off the net, and Bob doesn't bother resending them because you ACK the packets.
Now SSH does prevent this, because you can still forge TCP/IP headers and guess ISNs, but you can't fake the encryption without knowing the password (and if you knew that, you'd just log in normally.)
Configuring a machine to trust another based soley on the IP is actually rhosts, I think. I've never actually used it, but that sounds right. And yes, it's supposed to be quite insecure.
Re:OLD AND SILLY (Score:2)
I think this is far more dificult than if a machine is using rhosts. You need to know that the user is looged in. You need to guess the ISN, then guess how many other bytes haved floed to get the current SN. Seems much more dificult to me.
Now SSH does prevent this,
Actually, the encryption is not based on the password. IANAE, (I Am Not An Expert), but I think SSH uses a public key exchange to encrypt an exchange where a session key is selected, the session key is then used in symmetric encryption. So you'd need the user's private key, AND to be able to see the traffic from the target back to the user (which is encrypted using the user's public key) at least to hijack the session. Since we're talking ISN predictability issues here, this is usually an issue when you can't see the traffic from the target - otherwise, you'd know the ISN and predictability would not be an issue.
Re:OLD AND SILLY (Score:3, Informative)
SSH V1 in some modes did not prevent this (well, the unencrypted mode for sure didn't!). The DES mode at least could be forced to resync if you sent a lot of data...maybe 2^40 bits. This attack was actually succesfully used and somewhat publisized about 2 years ago...maybe 3. It only worked because the fellow who was attacked went away on a confrence and left an ssh session up and the attackers had 4 days to pump laots of data across. Definilty not a "low hanging fruit" attack!
I don't really know if SSH V2 prevents it, I have not really looked closley at the V2 protocal (unlike V1 where I wrote a Java client). Maybe someday...maybe when I need to learn another new language...
Are you willing to bet on it? (Score:2)
Are you willing to bet that this is the *only* kind of attack possible using sequence number prediction? Someone with a sick imagination may find other novel and destructive uses for it.
In fact, I can already think of some...
Stup[id plug. (Score:3, Informative)
TCP was not designed to be secure. It was designed to ensure data is put back in the proper order at the remote end, and to be able to adjust it's transmission to deal with congestion.
Yes, there is a security issue.... but any security breach through ip spoofing is really a fault of the higher layer application/protocol and NOT of the ability for a tcp session to be spoofed.
Before people get too gleeful... (Score:5, Interesting)
grsecurity patches (Score:2, Informative)
it has loads of other interesting functions and the random ISN generator seems to work fine, here's a nmap scan result
TCP Sequence Prediction: Class=random positive increments
Difficulty=4184073 (Good luck!)
TCP ISN Seq. Numbers: BA77562B B9B190FD BA8C8609 BA3DFEB2 BA92DBDB B9BA515C
IPID Sequence Generation: Randomized
Great article (Score:2)
Re:Google cache saves the day (Score:1)
Re:Google cache saves the day (Score:1)
http://razor.bindview.com/publish/papers/tcpseq
Then just click on the "Cached" link in the results page.
Re:Google cache saves the day (Score:2)
Re:Google cache saves the day (Score:2)
Re:Google cache saves the day [ the correct link ] (Score:2, Redundant)
http://216.239.51.100/search?q=cache:pIKhdPlNqPYC
Re:Google cache saves the day [ the correct link ] (Score:2, Informative)
http://web.archive.org/web/20020124085843/http://
Also available, cache of the pdf (Score:5, Informative)
It doesn't display correctly with my version of KDE's PS/PDF Viewer, but good old ghostview works great.
Re:why is it (Score:1)
Re:why is it (Score:1)
Re: (Score:1, Troll)
Re:why is it (Score:2)
Why not start looking for a better job instead of bitching and whinning on slashdot all day.
Try finding, especially in this depressed economy, an IT job that does not require you to use Microsoft software at least sometimes. I would estimate that this describes less than one tenth of one percent of jobs. It is virtually impossible to avoid. Switching jobs is not a solution to this problem.
Re: (Score:2)
Re:why is it (Score:2)
The advertisement in your signature points to www.coronahost.com, which claims to be running Microsoft IIS. So I am sure you will agree that while the theoretical discussion is interesting, in the real world there are forces that you simply can not control. The only thing that can be done is to helplessly complain.
Re: (Score:3, Insightful)
Re:Already Slashdotted.... (Score:1, Offtopic)
I know this isn't really quite on (this) topic, and it has been said before, but the
This
Re:Already Slashdotted.... (Score:2)
Re:Already Slashdotted.... (Score:2)
1) I could very well be illegal without obtaing permission from a human. This would take too much time away from CmdrTaco adding spelling errors to my posts.
2) It would costs money in bandwidth costs. VA Software coporate officers love to roll naked in freshly minted $1 bills, and this would take away from their stash. Then only, one officer could roll at a time. Not a happy thing.
Re:Already Slashdotted.... (Score:2)
Obviously this is not the case, or Google and other businesses that are caching web sites would be out of business by now. Caching web proxies would not be so common, instead we have never heard of a legal attack against a caching web proxy. This excuse is without merit.
The FAQ also gives this as a reason:
But this is such an easily solved problem, this must also be a dishonest excuse. Even updating the cache once per minute would not unduly load the victim sites. Using standard proxy software like Squid would completely solve this problem.
Surely in the 2 years since this question has been answered, CmdrTaco has had time to work on the solution to this. This is his full time job. Not much effort is being spent on the development of the software that runs the site, and certainly with the number of editors and how sloppily it is done, this can not be taking more than an hour per day per editor, if that. There is no original content, it is all submitted. As a LNUX shareholder, I wonder what these guys really do all day.
Re:Already Slashdotted.... (Score:2)
I guess the end run around any preceived problems on CmdrTaco's part would be to just provide links to Google's cache.
A certainly agree with you..
Considering that there are several full-time people working (and being paid) on Slashdot, I find it rather odd that that hasen't been a solution forthcoming to this common problem.
It could be a case of burn-out, but I suspect general lazyness.
Re:Already Slashdotted.... (Score:5, Informative)
To summarized the report. Unpatched versions of NT4 and Windows 95/98SE are the most vunerable to spoofing attacks because of predictable patterns, or attractors, in the sequence produced by the random number generator used for ISNs. Linux,OpenBSD and FreeBSD scored near the top, though the report says there is room for improvement. Windows 2000, MacOSX, IRIX and BSDI were in the middle of the pack. HPUX and AIX were just as bad as windows 98.
So we have out prototypical 'windows less secure than linux' submission and the slashdotters are happy
-josh
Re:How did mac classic score? (Score:2)
Re:Already Slashdotted.... (Score:1)
Re:TCP/IP Sequence Number Analysis (Score:2)
Personally, I think Bush's Department of Homeland Defense is going to be a complete crock if nothing is done about this and other computer security issues. I can't figure out if none of Dubya's advisors understand computers or if they are so full of it as to actually think, for whatever reason, that nobody would ever attack the US electronically. I have a feeling it's the latter being caused by the former, though. . .
Re:TCP/IP Sequence Number Analysis (Score:2)
This is not true. Your location on the network does not matter if you are worried about sequence number prediction. If you are positioned so that you can see the traffic both ways, you do not need to predict sequence numbers. And, all but the most insecure networks are vulnerable to attacks from the internet solely based on a spoofed IP address. No major US corporation is going to have a hole like that these days - they at least realize that securing the outside of the firewall is important. If there were such a hole, the intelligence necessary to find out about its existance and the address to use would take about the same effort to obtain as other more practical ways into the network.
Everybody realized to be afraid of IP-address based authentication after the widely publicized IP spoofing attacks.
Personally, I think Bush's Department of Homeland Defense is going to be a complete crock if nothing is done about this and other computer security issues.
The US government actively attacks computer securitiy. This is a problem that can be totally solved with strong encryption. Who is the biggest opponent in the world to ubiquitous strong encryption?
Re:TCP/IP Sequence Number Analysis (Score:2)
What are you talking about? It's already a complete crock anyway, and is well on its way to becoming two complete crocks.
Re:TCP/IP Sequence Number Analysis (Score:3, Insightful)
Of course, in general, SSL should prevent these sorts of attacks because the incoming payload would be expected to be encrypted and so it would be non-trivial to input packets into the stream and have them do anything other than DoS. Still a problem but not as much as other issues.
Again, I see this as an issue where competent attackers may be heavily targetting a given system, but it is unlikely to be used by the casual crowd. So the Win 95 and 98 crowd should be relatively safe, while the DoD NEEDS additional protection. Corporate infrastructures are in the middle, and it is probably a good idea to protect them against this sort of attack.
However, it is also a pretty serious refutation of "open source is insecure."
Re:What about NAT? (Score:3, Informative)
So I think you're safe
Re:isnt it amazing that. . . (Score:2)
And there are no algorithms to produce truely random numbers. There are plenty of them that are crap.