Friday, January 7, 2011

Defending Against Sequence Number Attacks

We have published an IETF Internet-Draft entitled "Defending Against Sequence Number Attacks", which is a revision of Steven Bellovin's RFC 1948. The Abstract of the I-D is:
This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document is a revision of RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track.
Our I-D is available here.
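
The scheme RFC 1948 proposed computes ISN = M + F(localhost, localport, remotehost, remoteport), where M is a timer that ticks every 4 microseconds and F is a cryptographic hash over the connection identifiers and some secret data. The following is an added example, not code from the I-D or its authors; the use of HMAC-SHA-256 as F, the function names, the key and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct
import time

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_timer(now_us: int) -> int:
    """M: counter incremented once every 4 microseconds."""
    return (now_us // 4) % MOD


def isn_offset(local_ip, local_port, remote_ip, remote_port, secret: bytes) -> int:
    """F: keyed hash of the connection 4-tuple, truncated to 32 bits.

    HMAC-SHA-256 is this example's choice of F (an assumption).
    """
    material = (
        ipaddress.ip_address(local_ip).packed + struct.pack("!H", local_port)
        + ipaddress.ip_address(remote_ip).packed + struct.pack("!H", remote_port)
    )
    digest = hmac.new(secret, material, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def generate_isn(local_ip, local_port, remote_ip, remote_port,
                 secret: bytes, now_us: int) -> int:
    """ISN = M + F(4-tuple, secret), modulo 2^32."""
    f = isn_offset(local_ip, local_port, remote_ip, remote_port, secret)
    return (isn_timer(now_us) + f) % MOD


if __name__ == "__main__":
    # Constructed sample values: a fixed demo key and documentation addresses.
    key = b"constructed-demo-key-not-for-use"
    now = time.time_ns() // 1000
    server = ("192.0.2.1", 80)
    for client in (("198.51.100.7", 40000), ("198.51.100.7", 40001),
                   ("203.0.113.9", 40000)):
        isn = generate_isn(*server, *client, secret=key, now_us=now)
        # Each 4-tuple gets its own sequence-number space, so an ISN seen
        # on one connection does not reveal the ISN of another.
        print(f"{client[0]}:{client[1]} -> ISN {isn:#010x}")
```

Within one 4-tuple the ISN still advances with the timer, so a new incarnation of the same connection gets a later sequence number, while the offset between different 4-tuples depends on the secret.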

