On Thu, 29 Nov 2007, Darden, Patrick S. wrote:

> >You're assuming a blind attack, a very dangerous assumption. Even with a
> >blind attack, you're assuming that (a) the attacker's prediction efforts
> >are stymied by hard-to-predict sequence numbers and (b) the attacker
> >(or defender) lacking enough bandwidth to brute force the sequence number
> >or the likey sequence number space.

>
> I am not assuming a blind attack. I was positing an example situation
> that highlighted the importance of TCP sequence numbers. Please do not
> put words in my mouth.


But the predictability of ISNs are only important in blind attacks- if the
attacker can sniff the ISNs, then the sequence numbers have no
value to a connection under attack as far as I can tell. So if your
scenario doesn't assume a blind attack what am I missing?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards