HOME

TheInfoList



Click Here for Items Related To - TCP Sequence Prediction Attack
OR:
TCP Sequence Prediction Attack on:   [Wikipedia]   [Google]   [Amazon]

A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the
packet Packet may refer to: * A small container or pouch ** Packet (container), a small single use container ** Cigarette packet ** Sugar packet * Network packet, a formatted unit of data carried by a packet-mode computer network * Packet radio, a form ...
s in a
TCP connection TCP may refer to: Science and technology * Transformer coupled plasma * Tool Center Point, see Robot end effector Computing * Transmission Control Protocol, a fundamental Internet standard * Telephony control protocol, a Bluetooth communication ...
, which can be used to counterfeit packets. The attacker hopes to correctly guess the sequence number to be used by the sending host. If they can do this, they will be able to send counterfeit packets to the receiving host which will seem to originate from the sending host, even though the counterfeit packets may in fact originate from some third host controlled by the attacker. One possible way for this to occur is for the attacker to listen to the conversation occurring between the trusted hosts, and then to issue packets using the same source
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
. By monitoring the traffic before an attack is mounted, the malicious host can figure out the correct sequence number. After the IP address and the correct sequence number are known, it is basically a race between the attacker and the trusted host to get the correct packet sent. One common way for the attacker to send it first is to launch another attack on the trusted host, such as a
Denial-of-Service attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connect ...
. Once the attacker has control over the connection, they are able to send counterfeit packets without getting a response. If an attacker can cause delivery of counterfeit packets of this sort, they may be able to cause various sorts of mischief, including the injection into an existing TCP connection of data of the attacker's choosing, and the premature closure of an existing TCP connection by the injection of counterfeit packets with the RST bit set. (
TCP reset attack TCP reset attack, also known as a "forged TCP reset" or "spoofed TCP reset", is a way to terminate a TCP connection by sending a forged TCP reset packet. This tampering technique can be used by a firewall or abused by a malicious attacker to inter ...
) Theoretically, other information such as timing differences or information from lower
protocol layer A communication protocol is a system of rules that allows two or more entities of a communications system to transmit information via any kind of variation of a physical quantity. The protocol defines the rules, syntax, semantics and synchron ...
s could allow the receiving host to distinguish authentic TCP packets from the sending host and counterfeit TCP packets with the correct sequence number sent by the attacker. If such other information is available to the receiving host, if the attacker can also fake that other information, and if the receiving host gathers and uses the information correctly, then the receiving host may be fairly immune to TCP sequence prediction attacks. Usually this is not the case, so the TCP sequence number is the primary means of protection of TCP traffic against these types of attack. Another solution to this type of attack is to configure any router or
firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spr ...
to not allow packets to come in from an external source but with an internal IP address. Although this does not fix the attack, it will prevent the potential attacks from reaching their targets.


See also

* SYN flood *
Aircrack Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monito ...
*
BackTrack BackTrack was a Linux distribution that focused on security, based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distr ...
*
Nmap Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides ...
*
Packet sniffer A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or ...
* Snort *
Wireshark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 d ...


References

{{Reflist, refs = {{cite web, title=TCP Sequence Prediction Attack, url=http://www.tech-faq.com/tcp-sequence-prediction-attack.html {{cite journal, last=Bellovin, first=S.M., title=Security Problems in the TCP/IP Protocol Suite, journal=ACM SIGCOMM Computer Communication Review, date=1 April 1989, url=http://portal.acm.org/citation.cfm?id=378444.378449, accessdate=6 May 2011


External links

* RFC 1948, Defending Against Sequence Number Attacks, May 1996, obsoleted by RFC 6528
Steven M. Bellovin Steven M. Bellovin is a researcher on computer networking and computer security, security. He has been a professor in the Computer Science department at Columbia University since 2005. Previously, Bellovin was a Fellow at AT&T Labs Research in Flo ...
. * RFC 6528, Defending against Sequence Number Attacks, February 2012 Standard Track
Steven M. Bellovin Steven M. Bellovin is a researcher on computer networking and computer security, security. He has been a professor in the Computer Science department at Columbia University since 2005. Previously, Bellovin was a Fellow at AT&T Labs Research in Flo ...

A Weakness in the 4.2BSD Unix TCP/IP Software
Sequence Prediction Attack Computer network security