
Nilesh's Weblog


How secure is your OS

September 12, 2002 09:52 PM


Michal Zalewski has come up with a newer version of his earlier paper, "Strange Attractors and TCP/IP Sequence Number Analysis". Well, didn't quite get it? It's basically about TCP/IP initial sequence numbers. These ISNs, as they are called, are generated by the host whenever a TCP connection is established. These numbers are used to keep track of the packets for the session. Now the problem lies in the fact that these numbers can be guessed. If the next ISN is guessed correctly, an attacker can hijack a connection by spoofing the source IP address. So it all depends on how random the ISNs can be. Michal found that Windows still lags far behind in true random number generation. *BSD leads all the way. Check it out. Great paper!
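To see what "can be guessed" means in practice, here is a small audit of ISN samples taken from a host you administer. This is an added example, not code from this post or from Zalewski's paper, and it uses simple delta statistics rather than the paper's attractor method; the function names and both sample generators are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def delta_entropy_bits(isns):
    """Shannon entropy (bits) of the observed deltas.

    With n samples the value is capped at log2(n - 1), so compare hosts
    using the same sample count.
    """
    d = deltas(isns)
    counts = Counter(d)
    return -sum((c / len(d)) * math.log2(c / len(d)) for c in counts.values())


def naive_hit_rate(isns, window=1000):
    """Fraction of ISNs within +/-window of 'previous ISN + previous delta'."""
    hits = 0
    for i in range(2, len(isns)):
        predicted = (2 * isns[i - 1] - isns[i - 2]) % MOD
        error = (isns[i] - predicted) % MOD
        hits += min(error, MOD - error) <= window  # circular distance
    return hits / (len(isns) - 2)


def constructed_fixed_increment(n, start=1_000_000, step=64_000):
    """Constructed sample: a generator that adds a constant per connection."""
    return [(start + i * step) % MOD for i in range(n)]


def constructed_hashed(n):
    """Constructed sample: ISNs taken from a hash output, hard to extrapolate."""
    return [int.from_bytes(hashlib.sha256(i.to_bytes(4, "big")).digest()[:4], "big")
            for i in range(n)]


if __name__ == "__main__":
    for name, sample in (("fixed increment", constructed_fixed_increment(200)),
                         ("hashed", constructed_hashed(200))):
        print(f"{name}: entropy={delta_entropy_bits(sample):.2f} bits, "
              f"naive hit rate={naive_hit_rate(sample):.2%}")
```

A high hit rate or near-zero delta entropy on real samples means the next ISN follows from the previous ones, which is the weakness the paper measures.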



© 2000-2003. Nilesh Chaudhari (mail AT nilesh.org)