TCP sequence prediction attack

TCP sequence prediction attack

A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection.

The attacker hopes to correctly guess the sequence number to be used by the sending host. If they can do this, they will be able to send counterfeit packets to the receiving host which will seem to it to originate from the sending host, even though the counterfeit packets may in fact originate from some third host controlled by the attacker.

If an attacker can cause delivery of counterfeit packets of this sort, he or she may be able to cause various sorts of mischief, including the injection into an existing TCP connection of data of the attacker's choosing, and the prematurely closure of an existing TCP connection by the injection of counterfeit packets with the FIN bit set.

Theoretically, other information such as timing differences or information from lower protocol layers could allow the receiving host to distinguish authentic TCP packets from the sending host and counterfeit TCP packets with the correct sequence number sent by the attacker.

If such other information is available to the receiving host, if the attacker cannot also fake that other information, and if the receiving host gathers and uses the information correctly, then the receiving host may be fairly immune to TCP sequence prediction attacks. Usually this is not the case, so the TCP sequence number is the primary means of protection of TCP traffic against these types of attack.

According to tech-faq.com: "an attempt to hijack an existing TCP session by injecting packets which pretend to come from one computer involved in the TCP session."

External links

* [http://portal.acm.org/citation.cfm?id=378444.378449 Security problems in the TCP/IP protocol suite] , April 1989, Steven M. Bellovin
* RFC 1948, Defending Against Sequence Number Attacks, May 1996, Steven M. Bellovin.
* http://www.tech-faq.com/tcp-sequence-prediction.shtml


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Transmission Control Protocol — The Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol Suite. TCP is so central that the entire suite is often referred to as TCP/IP. Whereas IP handles lower level transmissions from computer to computer as …   Wikipedia

  • Network security — In the field of networking, the area of network security[1] consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and… …   Wikipedia

  • Life Sciences — ▪ 2009 Introduction Zoology       In 2008 several zoological studies provided new insights into how species life history traits (such as the timing of reproduction or the length of life of adult individuals) are derived in part as responses to… …   Universalium

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”