An inherent flaw in TCP was discovered in the mid-1980s that has recently received attention in the media and in security advisories. The problem centers on the Initial Sequence Numbers (ISNs), which are the starting packet numbers used in TCP connections. These numbers are known only to the hosts that are making the connection. The sequence numbers are used to identify legitimate packets and to determine which packets belong to a given transmission. The packets that follow carry a sequence number derived from the ISN: each time, the sequence number advances by the number of bytes transmitted to the other host.
The problem is that if the ISNs of a TCP connection are not random, or if they are not random across subsequent TCP sessions, a hacker can guess the ISN. If he or she guesses correctly, the hacker will be able to hijack the session.
Hackers attempting to exploit this vulnerability will have an extremely difficult time: not only must they guess the ISN, they must also identify the vulnerable systems.
The actual attack is extremely difficult to implement. However, if a hacker develops tools for this attack and makes them available on the Internet, anyone with a modem and little experience will be able to carry it out.
The TCP flaw is 20 years old and is still a concern. As recently as 1996, researchers at AT&T proposed a solution to the Internet Engineering Task Force (IETF). To date, only OpenBSD is considered to have consistently random ISNs; Linux and Solaris would be considered average at this task.
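The following Python script is an added illustration, not part of the original post. It models the two kinds of ISN generator the post contrasts (a constructed counter-based generator standing in for the old BSD behaviour, and one drawn from a cryptographic random source) and runs the kind of predictability check an administrator can apply to ISNs observed from a host, together with the modulo-2^32 sequence arithmetic described above. The increments of 128 per second and 64 per connection are an assumption used for illustration, not the exact arithmetic of any particular kernel.

```python
import secrets
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def next_seq(seq, bytes_sent):
    """Sequence number of the following segment: previous number plus bytes sent, mod 2^32."""
    return (seq + bytes_sent) % MOD


def legacy_isn(conn_index, seconds, base=0):
    """Constructed model of a counter-based ISN generator (assumed increments for
    illustration: 128 per elapsed second, 64 per new connection)."""
    return (base + 128 * seconds + 64 * conn_index) % MOD


def random_isn():
    """ISN drawn from a cryptographic random source, the property the post credits to OpenBSD."""
    return secrets.randbits(32)


def delta_predictability(isns):
    """Fraction of ISNs an observer would have guessed exactly by assuming the next ISN
    equals the previous one plus the most recently observed increment.
    1.0 means fully predictable; near 0.0 means the increments show no pattern."""
    if len(isns) < 3:
        raise ValueError("need at least three ISN samples")
    hits = 0
    for i in range(2, len(isns)):
        last_delta = (isns[i - 1] - isns[i - 2]) % MOD
        guess = (isns[i - 1] + last_delta) % MOD
        if guess == isns[i]:
            hits += 1
    return hits / (len(isns) - 2)


def distinct_increments(isns):
    """Number of distinct increments between consecutive ISNs; a count far below the
    sample size is the signature of a counter-based generator."""
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    return len(Counter(deltas))


if __name__ == "__main__":
    # Constructed samples: 50 connections opened within the same second.
    legacy = [legacy_isn(i, 0) for i in range(50)]
    rand = [random_isn() for _ in range(50)]
    print("counter-based generator: predictability", delta_predictability(legacy),
          "distinct increments", distinct_increments(legacy))
    print("random generator:        predictability", delta_predictability(rand),
          "distinct increments", distinct_increments(rand))
```

On real hosts the same check is applied to ISNs collected from a series of connection attempts; a predictability score near 1.0 or a handful of distinct increments is what should prompt a review of the system's ISN generation.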
Published on Sat 22 April 2006 by Leon Hansard in Security with tag(s): tcp