On Tue, 20 Apr 2004, Patrick W.Gilmore wrote:
> (Someone check my math. :)
try not to include text after your sig. some people set their mailers
to strip sigs from replies.
> Sequence numbers are 32 bits. Since the miscreant only needs to
> guess once every 14 bits, you get:
> 2^32 / 2^14 == 262144
Ie, no more than 262144 different sequence numbers required to hit a
window. 262144 packets @ 10kpps will take:
262144/(10*1000) = 26.21440
That's 26 _seconds_, not hours - with a probability of 1. Though
after 13s of sending packets, probability is 0.5. At just 100pps:
262144/(100)/60 = 43.69
So 44 minutes at a low packet rate, ~5kB/s, probability of 1 that you
will have hit the window (of the sequence number as it was for first
packet :) ), 22 minutes you're already at P(0.5).
However, for the 10kpps case, you have at most 26s to notice the
10kpps / 480kB/s traffic.
> There is a router vendor out there which defaults to source ports
> between 1024 and 5000, or so I have been told. (This router vendor
> does many things very well and should not be considered a Bad
> Vendor for this one minor error, which I hope they will fix ASAP.)
> We now have:
> (5000 - 1024) * 262144 == 1042284544
Which is only 28 hours at 10kpps:
1042284544/(10*1000)/3600 = 28.95234
bit less likely admittedly.
regards,
--
Paul Jakma [EMAIL PROTECTED] [EMAIL PROTECTED] Key ID: 64A2FF6A
warning: do not ever send email to [EMAIL PROTECTED]
Fortune:
All bridge hands are equally likely, but some are more equally likely
than others.
-- Alan Truscott
