SeanAhern's Journal: Severe TCP Vulnerability
In case this doesn't get picked up as a normal
Internet Technology Vulnerable to Hackers
Unfortunately, it's very light on technical details. Anyone have any links to more detailed specifications about what's wrong with TCP, and what can happen if a machine succumbs to an exploit?
Kind of a non-story (Score:2)
Re:Kind of a non-story (Score:2)
It's close to the long-known hole of sending an RST packet with the correct 4-tuple (local+remote port+IP) and the correct sequence number, but observes that the sequence number need only lie within the current congestion window. Since in most cases the remote port number and IP add
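Added example, not part of the comment above or of any TCP stack's code: a model of the RST acceptance check that comment describes, next to the stricter rule from RFC 5961 section 3.2, with the search-space arithmetic for one known 4-tuple. The function names and all numeric values are constructed for illustration; the window is modelled as the receiver's RCV.NXT and RCV.WND.

```python
# Added example: RST acceptance, in-window rule vs. RFC 5961 section 3.2.
# Function names and sample values are assumptions made for illustration.

SEQ_SPACE = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rfc793_rst(seq, rcv_nxt, rcv_wnd):
    """Original rule: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rfc5961_rst(seq, rcv_nxt, rcv_wnd):
    """Hardened rule: only an exact match on RCV.NXT resets.
    Any other in-window RST makes the receiver send a challenge ACK,
    which only the genuine peer can answer correctly."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    return "reset" if seq == rcv_nxt else "challenge_ack"


def rst_search_space(rcv_wnd, exact_match):
    """Sequence values an off-path sender must cover, worst case,
    for a single known 4-tuple."""
    if exact_match:
        return SEQ_SPACE
    return -(-SEQ_SPACE // rcv_wnd)  # ceiling division: one value per window


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xFFFFF000, 16384  # constructed; window wraps past 2**32
    for seq in (rcv_nxt, 0x00000100, 0x00004000):
        print(hex(seq), rfc793_rst(seq, rcv_nxt, rcv_wnd),
              rfc5961_rst(seq, rcv_nxt, rcv_wnd))
    print("in-window rule:", rst_search_space(rcv_wnd, False), "values")
    print("exact-match rule:", rst_search_space(rcv_wnd, True), "values")
```

Larger advertised windows shrink the in-window search space, which is why long-lived sessions with big windows were the main concern; the exact-match rule restores the full 32-bit space regardless of window size.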
Re:Kind of a non-story (Score:2)
jason
Re:Kind of a non-story (Score:2)
It's related, yes; that approach depended on looking at the ISNs used, and recognizing a pattern thus going "ooh, that'll be a WinNT box then". Fortunately - as somebody pointed out in the Slashdot discussion on that article - an OpenBSD NAT box already has the ability to substitute its own (truly random - no pattern to recognize) ISNs. (ISTR something similar regarding fragment numbering, but c
Re:Kind of a non-story (Score:2)