
Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"



> Interestingly enough, OpenBSD uses a flavor of this PRNG for
> another field, this time the IP fragmentation ID, part of the
> OpenBSD kernel network stack. The analysis carries out quite
> similarly to show that OpenBSD's IP ID is predictable as well,
> which gives way to O/S fingerprinting, idle-scanning, host alias
> detection, traffic analysis, and in some cases, even to TCP blind
> data injection.

Can you expound upon the blind TCP injection allowed by IP ID
prediction?

> Amit Klein
> CTO Trusteer

Tim Newsham
http://www.thenewsh.com/~newsham/