
Does it matter?


Posted Aug 19, 2011 10:53 UTC (Fri) by epa (subscriber, #39769)
Parent article: Unpredictable sequence numbers

Why does this matter? We all know that TCP/IP connections can be hijacked and snooped. That's why ssh and https exist. Is it just a case of avoiding denial of service attacks?


Does it matter?

Posted Aug 19, 2011 19:17 UTC (Fri) by njs (guest, #40338) [Link]

Normally, to hijack a TCP connection, you need to be "in the middle" in some sense -- have access to some router that the TCP is flowing over, or be on the same LAN to run ARP spoofing, etc. I can't just hijack your connection to LWN from my home router. Sequence numbers are the thing that stops me -- if you can guess the sequence numbers for other people's connections, then under the right circumstances you can insert stuff into any TCP connection anywhere from any internet-connected host.

("The right circumstances" are somewhat tricky to achieve -- I'll skip the details, they should be easy to google -- but there are practical attacks possible.)

Does it matter?

Posted Aug 19, 2011 23:49 UTC (Fri) by pflugstad (subscriber, #224) [Link]

I think you missed epa's point.

Even being able to predict TCP sequence numbers does not allow you to inject traffic into an existing SSH or SSL (https) connection. Both protocols encrypt the data and have integrity checks over the data, so if you injected data, it would fail to decrypt and/or fail the integrity checks.

So the worst that you can probably do if you can predict TCP sequence numbers is force the connection to be reset - packets with an invalid TCP sequence number would be discarded - if the seq num is valid, then SSL/SSH would flag it and abort the connection.

Does it matter?

Posted Aug 20, 2011 1:36 UTC (Sat) by njs (guest, #40338) [Link]

Yes, but I also use protocols like HTTP that don't have cryptographic integrity guarantees... and those protocols are more at risk if TCP sequence numbers are predictable than if they aren't, which is why TCP sequence numbers matter beyond DoS attacks. Which was epa's question...
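
The two layers of checking discussed in this thread, seen from the receiving side, as an added example that is not part of any comment above. The function names are hypothetical, the sample values are constructed, and a payload-plus-HMAC-SHA256 record stands in for the real SSH/TLS integrity check.

```python
import hashlib
import hmac

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

def seq_in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def tcp_accepts(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test: first or last byte must fall in the window."""
    if rcv_wnd == 0:
        return seg_len == 0 and seg_seq == rcv_nxt
    if seg_len == 0:
        return seq_in_window(seg_seq, rcv_nxt, rcv_wnd)
    last = (seg_seq + seg_len - 1) % MOD
    return (seq_in_window(seg_seq, rcv_nxt, rcv_wnd)
            or seq_in_window(last, rcv_nxt, rcv_wnd))

def seal(key, payload):
    """Toy integrity-protected record: payload followed by an HMAC-SHA256 tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def open_record(key, record):
    """Return the payload if the tag verifies, else None."""
    payload, tag = record[:-32], record[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def deliver(seg_seq, data, rcv_nxt, rcv_wnd, key=None):
    """Outcome for one incoming segment: 'dropped', 'aborted' or 'accepted'."""
    if not tcp_accepts(seg_seq, len(data), rcv_nxt, rcv_wnd):
        return "dropped"    # TCP discards segments outside the window
    if key is None:
        return "accepted"   # plaintext protocol: nothing else checks the bytes
    return "accepted" if open_record(key, data) is not None else "aborted"

if __name__ == "__main__":
    # Constructed sample state: the receiver expects a number close to wraparound.
    rcv_nxt, rcv_wnd, key = 0xFFFFFF00, 65535, b"constructed-session-key"
    forged = b"bytes not sent by the real peer"
    print(deliver(0x12345678, forged, rcv_nxt, rcv_wnd))       # dropped
    print(deliver(rcv_nxt, forged, rcv_nxt, rcv_wnd))          # accepted
    print(deliver(rcv_nxt, forged, rcv_nxt, rcv_wnd, key))     # aborted
    print(deliver(rcv_nxt, seal(key, b"hello"), rcv_nxt, rcv_wnd, key))  # accepted
```

With unpredictable sequence numbers an off-path sender almost always lands in the first case; only the keyed record check distinguishes the second case from the third.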
