Graphing Randomness in TCP Initial Sequence Numbers 145
Saint Aardvark writes "This is neat: Graphic visualization of how random TCP Initial Sequence Numbers really are for different OSs. It's a great way of seeing how secure a TCP stack really is. Cisco IOS is great; OS9, OpenVMS and IRIX aren't. Posted to the ever-lovin' BugTraq mailing list." This is a follow-up to the previous report.
Original report (Score:5, Informative)
http://razor.bindview.com/publish/papers/tcpseq.h
Re:I find it interesting (Score:3, Informative)
Comment removed (Score:4, Informative)
Re:Um, Why no Linux in the report (Score:5, Informative)
>certainly more common than many of the other
>selections.
>
>Should we assume Linux matches *BSD or some other
>flavor? or do I need to read more carefully
You need to read more carefully.
Mirror in case of further slashdotting (Score:2, Informative)
It's just a 133mhz netbsd box on a home adsl line though, but I figured the more the merrier.
Re:What about home router sequence numbers? (Score:1, Informative)
Most of them have constant or +1 ISNs. Some advanced ones have +64k.
Re:Linux?? (Score:4, Informative)
If you read the article is says:
Re:What about home router sequence numbers? (Score:3, Informative)
Unless you don't trust people on your home lan, it's not much of an issue. Yes, it should be done right, but the only people that can exploit this are those within your network. If they are in your home, they can do much worse than hijack your session as you configure the router.
As for outbound traffic, if you connect to an outside website from an inside PC, it uses the ISN that the PC generated and doesn't change it or adds some simple fixed constant. It still retains all of the entropy of the original PC's ISN. Nobody from the outside should be able to connect to the configuration server in the "DSL router" device. Hence, nobody from the outside really sees the poor entropy of the DSLRouter's ISNs.
Only higher-end firewall products, ie: the cisco PIX, attempt to mangle the ISN generation as they translate hosts. Most of the simple products do not, and certianly none of the $100 DSL routers do.
Also good ISN generation is actualy important to more "commercial" grade routers, since these devices are sometimes deployed and administered remotely, generate tunnels, etc. Thus these routers/firewalls sometimes have exposed ports, or exposed client traffic on a public network as they are being reconfigured.
Of course, many are only configured localy, or over a local LAN, which makes the risk a lot lower, but also users on corprate lans are generaly less trusted than those in your own home.
Re:Understanding Randomness (Score:3, Informative)