TCP seqno prediction

TCP

> SYN

< SYN/ACK

> ACK

> GET /index.html\r\n
Host: lemonparty.com\r\n
Connection: close\r\n

TCP

> SYN(0)

< SYN(0)/ACK(1)

> ACK(1)

TCP

> SYN(39275)

< SYN(11902)/ACK(39276)

> ACK(?)

Sequence numbers

S0 = 244782
S1 = 245581
S2 = 246380
S3 = 247176
S4 = 247975
S5 = 248771
...

Sequence numbers

Map relationships to Cartesian coordinates:

\[ \begin{aligned} x_t &= D_t &&= S_t - S_{t-1} \\ y_t &= D_{t-1} &&= S_{t-1} - S_{t-2} \\ z_t &= D_{t-2} &&= S_{t-2} - S_{t-3} \end{aligned} \]

Windows 98
FreeBSD 4.2
NT 4.0 SP3
IRIX 6.5
OpenVMS 7.2
NetWare 6
Linux 2.2
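
The coordinate mapping above, applied to the S0..S5 samples from the earlier slide. This is an added example, not code from the original slides; the function names and the `delta_spread` measure are assumptions made for illustration.

```python
"""Delay-coordinate mapping of TCP initial sequence numbers (ISNs)."""

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

# ISN samples S0..S5 as listed on the "Sequence numbers" slide
SLIDE_SAMPLE = [244782, 245581, 246380, 247176, 247975, 248771]


def deltas(isns):
    """D_t = S_t - S_{t-1}, computed modulo 2^32 so wraparound is handled."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def phase_points(isns):
    """Return the (x_t, y_t, z_t) = (D_t, D_{t-1}, D_{t-2}) points."""
    d = deltas(isns)
    return [(d[i], d[i - 1], d[i - 2]) for i in range(2, len(d))]


def delta_spread(isns):
    """Width of the range the observed deltas fall in (hypothetical measure).

    A tight cluster in phase space (small spread) means the generator adds
    a nearly constant increment per connection, the weakness that
    RFC 6528 ("Defending against Sequence Number Attacks") addresses.
    """
    d = deltas(isns)
    return max(d) - min(d)


if __name__ == "__main__":
    for point in phase_points(SLIDE_SAMPLE):
        print(point)
    print("spread:", delta_spread(SLIDE_SAMPLE))
```

Run against ISNs collected from a stack you operate, a spread of a few units, as in the slide's sample, shows up as a single dense cluster in the 3D plot.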

Attacks

rlogin

IP-based auth

Mitnick’s Christmas Day attack

Attacks

ISNProber

Determine if a set of IPs are served by the same host

Attacks

Active fingerprinting

Attacks

Passive fingerprinting

Q&A

Any questions?