On Thu, 29 Nov 2007, Darden, Patrick S. wrote:

> >You're assuming a blind attack, a very dangerous assumption. Even with a
> >blind attack, you're assuming that (a) the attacker's prediction efforts
> >are stymied by hard-to-predict sequence numbers and (b) the attacker
> >(or defender) lacking enough bandwidth to brute force the sequence number
> >or the likey sequence number space.

> I am not assuming a blind attack. I was positing an example situation
> that highlighted the importance of TCP sequence numbers. Please do not
> put words in my mouth.

But the predictability of ISNs are only important in blind attacks- if the
attacker can sniff the ISNs, then the sequence numbers have no
value to a connection under attack as far as I can tell. So if your
scenario doesn't assume a blind attack what am I missing?

Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
Art: http://PaulDRobertson.imagekind.com/

firewall-wizards mailing list