Does anybody remember this: http://lcamtuf.coredump.cx/newtcp/ This seems fairly clear to me that guessing our tcp sequences is near omnipotent power. -Jon Mike Tancsa wrote: > At 02:26 PM 20/04/2004, Dag-Erling Sm鷨grav wrote: > >> Dragos Ruiu <[email protected]> writes: >> > On April 20, 2004 10:44 am, Dag-Erling Sm鷨grav wrote: >> > > The advisory grossly exaggerates the impact and severity of this >> > > fea^H^H^Hbug. The attack is only practical if you already know the >> > > details of the TCP connection you are trying to attack, or are in a >> > > position to sniff it. >> > This is not true. The attack does not require sniffing. >> >> You need to know the source and destination IP and port. In most >> cases, this means sniffing. BGP is easier because the destination >> port is always 179 and the source and destination IPs are recorded in >> the whois database, but you still need to know the source port. > > > While true, you do need the source port, how long will it take to > programmatically go through the possible source ports in an attack ? > That only adds 2^16-1024 to blast through > > ---Mike > > > > > >> DES >> -- >> Dag-Erling Sm鷨grav - [email protected] > > > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "[email protected]" > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"