Subject: Re: IP source address security issue
To: Charles M. Hannum <mycroft@ai.mit.edu>
From: Mark P. Gooderum <mark@nirvana.good.com>
List: netbsd-bugs
Date: 01/29/1995 19:18:27
>
> How about a modification
> where a small random increment (say 12 bits) is added instead of the fixed
> time based increment.
>
> This is basically what I was going to suggest. Can anyone think of a
> reason why this is a bad idea?
I'd also suggest initializing the sequence number to some reasonably
random value, maybe the low order bits of the hardware clock plus
some other number.
It is bad to start with a fixed constant since it makes it easier to
guess the ballpark of the #. Heck even the code says it is:
tcp_subr.c-tcp_init():
tcp_iss = 1; /* wrong */
Sigh...
Also the timer needs to be incremented a lot more often than every 500ms.
Even the IP spec recommends every 4ms, although that's pretty hard in a
Unix env. Otherwise you can easily and accurately
make the IP attack by attempting a valid connection to get the current
sequence # and then getting back to the machine before another packet comes
in.
You can fudge the periodic increment by doing a reasonably random increment
before picking the # for an ACK/SYN packet.
--
Mark