Ummm
ok no totally knowledgeable answers yet (come on guys! :) so I'll throw my
semi-uninformed opinion in...
Sequence prediction (if feasible) basically allows man in the middle and
session hijacking attacks. It's a low risk as opposed to say running an
old (exploitable) version of sendmail or ssh. If an attacker can sniff
your packets to get the TCP sequence info in the first place then they've
already compromised a box (or router) real close to you so you have bigger
worries anyway. What they would then do is blast you out of the sky with a
DDoS or magic packet and pump their own packets onto the wire with the correct
(predicted) sequence numbers - session hijack. It would take a fairly
sophisticated attacker though as far as I know - there are utilities and
exploits out there ("hunt" is one that springs to mind - telnet is asking for
trouble) but AFAIK they aren't "point and click" type attack programs.
TCP sequence prediction was poor in earlier 'doze versions (MS put out a patch) but
every Linux and BSD I've seen nmap'd was (Good luck!) so I'd say don't worry
about it. You often get (trivial joke) on earlier versions of Windows and
network devices (HP JetDirect, other network printing boxes, web
interfaces to routers/connection sharing devices).
So; only a concern in high security environments... or if you (like me) think secure is fun!
S. :)
-----Original Message-----
From: George Vieira [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 5 December 2001 4:54 PM
To: Sydney Linux Users Group (E-mail)
Subject: [SLUG] nmap

I've been using nmap and found on some systems it complains that the TCP sequence is sequential and others where it's random. I've also noticed that if you go to www.scannerx.com and use their free trial scanner, it'll report back to you any vulnerabilities it finds on your box and TCP sequence is one of them...
How/where do these get set and is it such a big threat?
example below...
TCP Sequence Prediction: Class=random positive increments
Difficulty=4768949 (Good luck!)
IPID Sequence Generation: All zeros
thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
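
An added example, not part of the original thread: a small Python triage script that parses the "TCP Sequence Prediction" report in the format quoted above and lists hosts whose rating is anything other than "Good luck!". The host labels, the sample output other than George's own, and the accept-only-"Good luck!" policy are assumptions made for illustration.

```python
import re

# Matches the report format quoted in the message above. The Difficulty part
# may follow on the same line or wrap onto the next one.
SEQ_RE = re.compile(
    r"TCP Sequence Prediction:\s*Class=(?P<cls>[^\n]+?)\s*"
    r"Difficulty=(?P<difficulty>\d+)\s*\((?P<rating>[^)]+)\)"
)

# Assumed policy: only the rating the reply treats as fine is accepted silently.
ACCEPTED_RATINGS = {"good luck!"}

def parse_seq_report(text):
    """Return class, difficulty and rating from one host's nmap output, or None."""
    m = SEQ_RE.search(text)
    if m is None:
        return None
    return {"class": m["cls"].strip(),
            "difficulty": int(m["difficulty"]),
            "rating": m["rating"].strip()}

def triage(reports):
    """reports maps a host label to raw nmap text; returns hosts to follow up on."""
    findings = []
    for host, text in sorted(reports.items()):
        rep = parse_seq_report(text)
        if rep is None:
            findings.append((host, "no TCP sequence report in output"))
        elif rep["rating"].lower() not in ACCEPTED_RATINGS:
            findings.append(
                (host, f"{rep['class']}, difficulty {rep['difficulty']} ({rep['rating']})"))
    return findings

# Sample input: "linux-box" is the output quoted in the thread; the other two
# entries are constructed for this example.
SAMPLES = {
    "linux-box": "TCP Sequence Prediction: Class=random positive increments\n"
                 "Difficulty=4768949 (Good luck!)\n"
                 "IPID Sequence Generation: All zeros\n",
    "printer": "TCP Sequence Prediction: Class=64K rule\n"
               "                         Difficulty=1 (trivial joke)\n",
    "no-report": "IPID Sequence Generation: All zeros\n",
}

if __name__ == "__main__":
    for host, reason in triage(SAMPLES):
        print(f"{host}: {reason}")
```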
