- TCP provides a full duplex reliable stream connection between two end computers.
- Data is packeted into a number of data packets and every byte that is sent by a host is marked with a sequence number and is acknowledged by the receiver using this sequence number.
- Sequence numbers are a 32-bit counter, which means the value can be any of over 4 billion possible combinations.
- Sequence numbers ensure that the receiving machine re-assembles the data packets in the same order to obtain the original data as they were dis-assembled at the transmitting end.
- The sequence number for the first byte sent is computed during the connection opening.
- If a computer opens a new connection in addition to an existing connection, the initial sequence number for two different sessions are different.
- When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer using the sequence number used by the victim computer.
- Pseudo-random number generators (PRNGs) introduced some randomness when producing ISNs used in TCP connections, thereby, making ISNs harder to guess, but were still vulnerable to statistical attack
| Threat | If a sequence number within the receive window is known, an attacker can inject data into the session stream or choose to terminate the connection. If the attacker knows the initial sequence number, he can send a simple packet to inject data or kill the session if he is aware of the number of bytes transmitted in the session this far. |
Fig. INITIAL SEQUENCE NUMBER. Click to magnify.
No comments:
Post a Comment