bellovin-post - Date Tue 24 Jan 1995 07:09:12-0500 From...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Date: Tue, 24 Jan 1995 07:09:12 -0500 From: Steve Bellovin Subject: More on the new CERT advisory There's a great deal of confusion about what kind of attack the recent CERT advisory is referring to. Let me try to clear things up. The specific attack is a sequence number guessing attack, originally described by R.T. Morris in Bell Labs Computer Science Technical Report #117, February 25, 1985. I generalized (and publicized) the attack in my 1989 paper "Security Problems in the TCP/IP Protocol Suite, Computer Communications Review 19:2, April 1989, pp. 32-48 (URLs below). Both his attack and my generalizations are special cases of a more general attack, IP source address spoofing, in which the attacker illegitimately uses a trusted machine's IP address in conjunction with some protocol (such as rsh) that does address-based authentication. In order to understand the particular case of sequence number guessing, you have to look at the 3-way handshake used in the TCP open sequence. Suppose client machine A wants to talk to rsh server B. It sends the following message:
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 3

bellovin-post - Date Tue 24 Jan 1995 07:09:12-0500 From...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online