The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Strange Attractors and TCP/IP Sequence Number Analysis – One Year Later

Posted by Xavier Ashe on January 19, 2006

Over a year ago, I published a whitepaper titled
Strange Attractors and TCP/IP Sequence Number Analysis” –
an attempt to evaluate TCP/IP sequence number generators in several
mainstream operating systems by mapping the dynamics of the generated
sequence numbers into a three-dimensional phase space. We demonstrated how
this approach can be used to find many non-trivial correlation,
and discussed why the results can be directly used to perform actual
ISN prediction.
This research, among with the research from Guardent, resulted in the release of
CERT Advisory CA-2001-09
and several vendor bulletins.

The goal of this follow-up is to evaluate any subsequent security measures
implemented by the vendors in this field since the release of the original
publication, and to evalute several systems that were not covered earlier.
For the purpose of this document, we assume that the reader has read the
original publication, and has an understanding of the methodology and
terminology used.

Please note that the presented results are preliminary and should not be
considered as a reliable metric for comparing the relative strength of
the operating systems ISN generators at this time.

Read the full article.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: