"We consider the problem of inserting a malicious packet into a TCP connection, as well as establishing a TCP connection using an address that is legitimately used by another machine. We introduce the notion of a Spoofing Set as a way of describing a generalized attack methodology. We also discuss a method of constructing Spoofing Sets that is based on Phase Space Analysis and the presence of function attractors. We review the major network operating systems relative to this attack. The goal of this document is to suggest a way of measuring relative network-based sequence number generators quality, which can be used to estimate attack feasibility and analyze underlying PRNG function behavior. This approach can be applied to TCP/IP protocol sequence numbers, DNS query identifiers, session-id generation algorithms in cookie-based authentication schemes, etc."
http://www.bindview.com/Services/Razor/Papers/2001/tcpseq.cfm

Includes nice pictures

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Matt
> Sent: Saturday, February 26, 2005 10:36 PM
> To: [email protected]
> Subject: spoofing question
>
> A general security question about spoofing modern *nix operating
> systems, including OpenBSD. Is spoofing pretty much dead? Do modern
> *nix machines still use the old BSD style incrementation of sequence
> numbers (I don't know enough C to find it in the source)? Or are
> sequence numbers now random (unspoofable)? Also, don't high speed LANs
> (gigabit, fibre) make it doubly hard to guess sequence number? I
> couldn't find much on the subject. Thanks.
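The phase space analysis the quoted abstract refers to can be reproduced in a few lines. The following is an added example written for this thread, not code from the BindView paper or from any operating system: it takes a list of observed sequence numbers, maps each window of four into the 3-D point of consecutive differences that the paper plots, and measures how much of the 32-bit space the generator actually visits. The three generators are toy models constructed here for illustration (a fixed-increment counter standing in for the old BSD scheme, a counter with small random increments, and a generator drawing full 32-bit values); none of them is a real stack's implementation.

```python
"""Phase-space (delta) analysis of sequence-number generator quality.

Added example: for a sequence s[0], s[1], ... each window of four values
becomes the point (s[n]-s[n-1], s[n-1]-s[n-2], s[n-2]-s[n-3]) mod 2**32.
A predictable generator collapses onto a single point, a line or a small
region ("attractor"); a good one scatters across the whole cube.
"""
import random

MASK32 = 0xFFFFFFFF


def delta_points(seq):
    """Map a sequence-number list to its 3-D phase-space points."""
    pts = []
    for i in range(3, len(seq)):
        x = (seq[i] - seq[i - 1]) & MASK32
        y = (seq[i - 1] - seq[i - 2]) & MASK32
        z = (seq[i - 2] - seq[i - 3]) & MASK32
        pts.append((x, y, z))
    return pts


def attractor_size(seq):
    """Number of distinct phase-space points: 1 for a pure counter,
    close to len(seq) - 3 for a generator that is effectively random."""
    return len(set(delta_points(seq)))


def bounding_box(pts):
    """Extent (max - min) of the points along each axis; a small box
    means the next value lies in a small, searchable neighbourhood."""
    if not pts:
        return (0, 0, 0)
    return tuple(max(p[k] for p in pts) - min(p[k] for p in pts)
                 for k in range(3))


# --- toy generators (constructed models, not real OS code) -------------

def counter_isn(n, per_conn=64000, seed=0):
    """Model of a fixed-increment counter (the classic BSD style the
    quoted question asks about): every delta is the same constant."""
    return [(seed + i * per_conn) & MASK32 for i in range(n)]


def small_increment_isn(n, seed=None, bits=16):
    """Model of a counter that adds a random increment of only `bits`
    bits per connection: distinct points, but confined to a tiny cube."""
    rng = random.Random(seed)
    seq, cur = [], rng.getrandbits(32)
    for _ in range(n):
        seq.append(cur)
        cur = (cur + rng.getrandbits(bits)) & MASK32
    return seq


def random_isn(n, seed=None):
    """Model of a generator emitting independent 32-bit values. With
    seed=None this uses the OS entropy source; a fixed seed gives a
    reproducible Mersenne Twister stream, used here only for testing."""
    rng = random.SystemRandom() if seed is None else random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def report(name, seq):
    """One-line quality summary for a generator's output."""
    pts = delta_points(seq)
    box = bounding_box(pts)
    return "%-16s distinct=%5d  extent=(%10d, %10d, %10d)" % (
        name, len(set(pts)), box[0], box[1], box[2])


if __name__ == "__main__":
    n = 1000
    print(report("counter", counter_isn(n)))
    print(report("small-increment", small_increment_isn(n)))
    print(report("random-32bit", random_isn(n)))
```

Read the extent column against 2^32 (about 4.29e9): the counter gives a single point with zero extent, the small-increment model stays inside a 65535-wide cube, and only the 32-bit generator spreads across the full range. That spread, not the link speed Matt asks about, is what makes the next sequence number hard to guess; a fast LAN shortens the window but does not change how many candidates an attacker would have to cover.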

