One of the more fascinating security holes was described by Robert Morris. This form of attack takes advantage of the predictability of sequence numbers used in TCP implementations. In particular, BSD 4.2 and 4.3 (and their many siblings) have been shown to be vulnerable.
1) The initial sequence numbers (ISN) used by TCP should be random. Berkeley Unix instead uses incrementing values: it starts with an ISN of 1 and increments it a fixed number of times per second and per connection. It is therefore possible to estimate the next ISN that will be used by connecting to the server, recording the ISN, and then measuring the time to the next connection.
2) To avoid the spoofed host sending a reset message to the attacked host, the attacker must flood the appropriate port on the spoofed host.
3) The attack proper starts by opening a connection to the server (S), but with the source address spoofed to be that of a trusted host (T) on the network.
4) The server will respond with an acknowledgment and its own ISN. This will be sent to the trusted host because of the address spoof. Under normal circumstances the host would not recognise this acknowledgment, since the attacker actually opened this connection; however, the attacker disabled the trusted host in step 2.
5) The attacker uses its prediction of the server's ISN to carry on the conversation; for example, it could instruct the server to send it the password file.
Defences against this attack include using TCP stacks with less predictable ISNs. Firewalls should also block packets with internal source addresses arriving on the external interface (input filtering), and similarly block packets whose source address is not from the internal network, to stop attacks originating from the site. Logging could also detect the unusual network activity this kind of attack generates (e.g. host T generating RST messages).
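The first defence above, "TCP stacks with less predictable ISNs", shown as an added example (not code from the original page): a counter-style generator of the kind the page describes for Berkeley Unix next to a keyed-hash generator in the style of RFC 6528, with an audit function that measures how far a linear extrapolation from two observed ISNs lands from the next one. The class and function names, the step constants and the sample 4-tuples are constructed for illustration.

```python
import hashlib
import hmac
import os

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap

class CounterISN:
    """Counter-style ISN: starts at 1, grows by fixed steps per second and per connection."""
    def __init__(self, per_second=128, per_connection=64):  # illustrative step sizes (assumed)
        self.per_second, self.per_connection = per_second, per_connection
        self.connections = 0

    def isn(self, now, four_tuple):
        self.connections += 1  # the 4-tuple is ignored: one global counter for everyone
        return (1 + int(now) * self.per_second
                + self.connections * self.per_connection) % MOD

class KeyedISN:
    """RFC 6528 style: ISN = M + F(4-tuple, secret), with M a 4-microsecond clock."""
    def __init__(self, secret=None):
        self.secret = secret or os.urandom(16)  # per-host secret, never sent on the wire

    def isn(self, now, four_tuple):
        m = int(now * 250_000)  # 4 microsecond ticks
        digest = hmac.new(self.secret, repr(four_tuple).encode(), hashlib.sha256).digest()
        return (m + int.from_bytes(digest[:4], "big")) % MOD

def prediction_error(gen, probes, target, t0=1000.0, dt=1.0):
    """Audit a generator: observe ISNs for two probe connections dt seconds apart,
    extrapolate linearly to a third connection (different 4-tuple) at t0 + 2*dt,
    and return the distance between the guess and the real ISN (0 = fully predictable)."""
    a = gen.isn(t0, probes[0])
    b = gen.isn(t0 + dt, probes[1])
    guess = (b + (b - a)) % MOD
    actual = gen.isn(t0 + 2 * dt, target)
    diff = (actual - guess) % MOD
    return min(diff, MOD - diff)

# Constructed sample 4-tuples (src ip, src port, dst ip, dst port), documentation addresses.
PROBES = [("198.51.100.7", 40001, "192.0.2.10", 9000),
          ("198.51.100.7", 40002, "192.0.2.10", 9000)]
TARGET = ("192.0.2.20", 1023, "192.0.2.10", 9000)  # a different host's connection

if __name__ == "__main__":
    print("counter-style error:", prediction_error(CounterISN(), PROBES, TARGET))
    print("keyed-hash error:   ", prediction_error(KeyedISN(), PROBES, TARGET))
```

The keyed generator still advances with the clock for any single 4-tuple, so sequence numbers of successive connections between the same endpoints keep increasing, while ISNs seen on one 4-tuple say nothing useful about another.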