TCP seqno prediction

Hide yo children

TCP

> SYN

< SYN/ACK

> ACK

> GET /index.html\r\n
Host: lemonparty.com\r\n
Connection: close\r\n

TCP

> SYN (0)

< SYN (0)/ACK (1)

> ACK (1)

TCP

> SYN (0)

< SYN (0)/ACK (1)

> ACK (1)

TCP

> SYN (12345)

< SYN (67890)/ACK (12346)

> ACK (?)

Sequence numbers


S0 = 244782
S1 = 245581
S2 = 246380
S3 = 247176
S4 = 247975
S5 = 248771
...

Sequence numbers

Map relationships to cartesian coordinates:

\(x_t = D_t = S_t - S_{t-1}\)

\(y_t = D_{t-1} = S_{t-1} - S_{t-2}\)

\(z_t = D_{t-2} = S_{t-2} - S_{t-3}\)

Windows 98
FreeBSD 4.2
NT 4.0 SP3
IRIX 6.5
OpenVMS 7.2
NetWare 6
Linux 2.2

Attacks

rlogin

IP-based auth

Mitnick's Christmas Day attack

Attacks

Attacks

ISNProber

Determine if a set of IPs are served by the same host

Attacks

Active fingerprinting

Attacks

Passive fingerprinting

Q&A

Any questions?