On 21-Apr-2004 David S. Miller wrote:

On Wed, 21 Apr 2004 19:03:40 +0200
J�rn Engel [off-list ref] wrote:

quoted

Heise.de made it appear, as if the only news was that with tcp
windows, the propability of guessing the right sequence number is not
1:2^32 but something smaller.  They said that 64k packets would be
enough, so guess what the window will be.

Yes, that is their major discovery.  You need to guess the ports
and source/destination addresses as well, which is why I don't
consider this such a serious issue personally.

Yes, but it is possible, expecially for long sessions. Also,
data injections is also possible with the same method, because
the receiver accepts everything inside the window, which is
usually 64k. Out of curiosity: in case Linux receives two
packets relative to the same portion of the stream, does it
check if the overlapping data is the same ? It would add extra
security about data injection in case the data has not been
sent to userspace yet.


--
Giuliano.