Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"
From: Tim Newsham <newsham () lava net>
Date: Wed, 6 Feb 2008 07:48:10 -1000 (HST)

Interestingly enough, OpenBSD uses a flavor of this PRNG for
another field, this time the IP fragmentation ID, part of the
OpenBSD kernel network stack. The analysis carries out quite
similarly to show that OpenBSD's IP ID is predictable as well,
which gives way to O/S fingerprinting, idle-scanning, host alias
detection, traffic analysis, and in some cases, even to TCP blind
data injection.

Can you expound upon the blind TCP injection allowed by IP ID
prediction?

Amit Klein
CTO Trusteer

Tim Newsham
http://www.thenewsh.com/~newsham/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]