On Wed, Nov 27, 2002 at 12:34:14AM +0900, Takeharu Kato wrote:
> Thank you for your response.
>
> > Um, no... it doesn't say that either. Cutting and pasting from your
> > own results, the difficulty level shows no change:
>
> Sorry, it's my mistake. I've reposted a correct result already.
> Please see it. It shows the patch can generate true random
> class sequence numbers.

True random is bad. It violates RFC 793, which specifies that the initial
sequence number needs to be incremented in such a way that old packets
associated with a previous TCP connection that "rattle around" in the
network will have a much smaller likelihood of being mistaken for a valid
packet for the current TCP connection. This is the reasoning behind the
algorithm specified in RFC 1948, which you yourself quoted in the CERT
advisory. Truly random sequence numbers do not meet the recommendations
specified in RFC 1948.

> It is obliged to show the kernel can generate
> true random class TCP sequence numbers with a security checker
> to deliver the product for customers.
>
> At least, some of our customers say that.
>
> In those cases, they prefer security to performance.

Your customers are deluded. If they care that much about security, they
should be using real crypto. Randomizing the ISN sequence number attack
merely avoids one of the easier off-axis attacks. If they are that
concerned about security, then crypto is the answer. Using MD5 and a
random ISN merely degrades performance and provides only a placebo-level
increase in the net security of the system, while decreasing the
correctness of the TCP implementation.

> > The MD4 hash provides adequate protection for someone who is
> > attempting a brute-force attack; although they can probably succeed
> > within a day or so, or perhaps even in hours, that's still enough that
> > it won't be practical to attack a TCP connection in real time.
>
> It may be true from a practical point of view.

From a practical point of view, the random seed used as part of the MD4
hash is reseeded every five minutes. So if the attacker does manage to
reverse engineer the secret used in the ISN calculations, he/she needs to
do so within five minutes, or it will have changed on him.

And, of course, an attacker which is on the network path between the
client and the server can simply observe the sequence numbers, and forge
packets with the appropriate sequence numbers such that the communication
peer accepts the forged packet as real. The only real way to fix this is
to use real crypto.

- Ted
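The RFC 1948 construction Ted describes (a 4-microsecond ISN clock plus a per-connection hash of the local and remote addresses and ports together with a secret), put next to the purely random ISNs under discussion, as an added example that is not part of this thread or of the kernel code it talks about. It substitutes SHA-256 for the MD4 hash mentioned above (the structure of the scheme is the same), and the addresses, ports and secret in it are constructed. It shows why the clock term matters: for the same 4-tuple, RFC 1948 ISNs advance monotonically with time, while with purely random ISNs roughly half of all new connections start "before" the previous one in sequence space, which is exactly the window in which stale segments from the old connection can be mistaken for valid ones.

```python
"""RFC 1948-style ISN generation next to purely random ISNs (illustrative, not kernel code)."""
import hashlib
import random
import struct

SEQ_MOD = 1 << 32
CLOCK_TICK_US = 4                    # RFC 793: the ISN clock advances once every 4 microseconds
SECRET_LIFETIME_US = 5 * 60 * 10**6  # five-minute reseed interval mentioned in the thread


def connection_offset(secret: bytes, laddr: str, lport: int, raddr: str, rport: int) -> int:
    """F(localhost, localport, remotehost, remoteport, secret), truncated to 32 bits.

    SHA-256 is an assumption standing in for the MD4 hash the thread refers to.
    """
    material = secret + laddr.encode() + raddr.encode() + struct.pack("!HH", lport, rport)
    return int.from_bytes(hashlib.sha256(material).digest()[:4], "big")


def rfc1948_isn(now_us: int, secret: bytes, laddr: str, lport: int, raddr: str, rport: int) -> int:
    """ISN = M + F(...): a monotonically increasing clock plus a per-connection offset.

    The offset hides the clock from anyone who has not seen an ISN for this exact
    4-tuple; the clock keeps successive ISNs for the same 4-tuple moving forward.
    """
    m = now_us // CLOCK_TICK_US
    return (m + connection_offset(secret, laddr, lport, raddr, rport)) % SEQ_MOD


def seq_before(a: int, b: int) -> bool:
    """True when sequence number a lies 'before' b in 32-bit modular order (RFC 793 comparison)."""
    return ((a - b) % SEQ_MOD) >= SEQ_MOD // 2  # a - b is negative as a signed 32-bit value


def random_isn_regression_rate(trials: int, seed: int = 1) -> float:
    """Fraction of consecutive purely random ISNs (same 4-tuple, reused back to back) where
    the new ISN lands before the previous one, i.e. the new connection's sequence space
    overlaps what segments of the old connection still in flight would carry."""
    rng = random.Random(seed)          # seeded only so the demonstration is reproducible
    prev = rng.getrandbits(32)
    regressions = 0
    for _ in range(trials):
        cur = rng.getrandbits(32)
        if seq_before(cur, prev):
            regressions += 1
        prev = cur
    return regressions / trials


def isn_advance_over_one_second(secret: bytes = b"constructed-secret-not-for-real-use") -> int:
    """How far the RFC 1948 ISN for one constructed 4-tuple moves in one second of wall time."""
    tup = ("10.0.0.1", 40000, "10.0.0.2", 80)   # constructed addresses and ports
    t0 = 1_000_000_000                            # constructed timestamp, microseconds
    first = rfc1948_isn(t0, secret, *tup)
    later = rfc1948_isn(t0 + 1_000_000, secret, *tup)
    return (later - first) % SEQ_MOD              # 1 s / 4 us = 250000 ticks


if __name__ == "__main__":
    print("RFC 1948 ISN advance over 1 s:", isn_advance_over_one_second())
    print("random ISN regression rate:", random_isn_regression_rate(10_000))
```

The caveat RFC 1948 itself notes is visible in `rfc1948_isn`: when the secret is replaced (the five-minute reseed in the thread), the offset for a 4-tuple changes and the monotonic relationship with ISNs issued under the old secret is lost for that one transition, which is the trade the scheme makes against an attacker who has recovered the secret.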