Around The Globe ATG.WORLD

Visit our sister website :

http://www.atg.world/

This is a social network for enthusiasts just like us. No Junk! Only meaningful conversations with the people who share the same enthusiasm as us.

Around The Globe ATG.WORLD

Visit our sister website :

http://www.atg.world/

This is a social network for enthusiasts just like us. No Junk! Only meaningful conversations with the people who share the same enthusiasm as us.

Tuesday, August 11, 2009

Initial Sequence Number (ISN) Sampling

Learn about TCP/IP sequence numbers before reading this post.

TCP Initial Sequence Number (ISN) Sampling
  • Different OS choose different ISN while initiating a connection request to send a data packet.
  • Attackers find patterns in the initial sequence numbers chosen by TCP implementations when responding to a connection request.
  • Many old UNIX boxes use the traditional 64K ISN, while newer versions of Solaris, IRIX, FreeBSD, Digital UNIX, Cray, and many others use Random increments, Linux 2.0, OpenVMS, use truely "random" ISNs.
  • Windows boxes (and a few others) use a "time dependent" model where the ISN is incremented by a small fixed amount each time period.
  • NMap provides the capability to use this technique for OS identification.

No comments:

Post a Comment