This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker of guessing the sequence numbers in use by a target connection are reduced. This document is a revision of RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track.Our I-D is available here.
Friday, January 7, 2011
Defending Against Sequence Number Attacks
We have published an IETF Internet-Draft entitled "Defending Against Sequence Number Attacks", which is a revision of Steven Bellovin's RFC 1948. The Abstract of the I-D is: