TCP/IP Sequence Number Attacks
We'll consider a representative problem with TCP/IP by examining
how TCP/IP establishes sessions between endpoints.
A three-way handshake is employed in the TCP open sequence.
If machine A wishes to establish a connection with machine B,
A transmits the following message:
This initial request packet has the synchronize sequence number
(SYN) bit set in its header,
and carries an initial 32-bit unsigned sequence number, ISNa.
B replies with:
B->A : SYN, ISNb, ACK(ISNa)
to provide its own initial sequence number, ISNb,
and to acknowledge ISNa.
A will finally acknowledge ISNb with
and the connection is established.
This session establishment is considered secure,
provided that the initial sequence numbers are so random that they cannot
be guessed.
If strictly conforming to RFC-793,
each TCP/IP implementation is expected to derive its initial sequence number
from a 32-bit counter, incremented every 4 µsec.
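
The following is an added example, not part of the lecture notes: it models the RFC-793 counter described above and shows that one observed ISN plus the elapsed time gives the next one, then contrasts it with a keyed per-connection offset in the style of RFC 6528. The function names, the HMAC-SHA256 hash choice, the secret and the documentation-range addresses are all assumptions made for illustration.

```python
import hashlib
import hmac

MOD = 2 ** 32        # ISNs are 32-bit unsigned values
TICK_USEC = 4        # counter step given in the lecture for RFC 793


def isn_rfc793(now_usec):
    """ISN read straight off a 32-bit counter stepped every 4 usec."""
    return (now_usec // TICK_USEC) % MOD


def isn_keyed(now_usec, four_tuple, secret):
    """RFC 6528 style: the same counter plus a secret per-connection offset."""
    msg = "|".join(str(field) for field in four_tuple).encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()  # hash choice assumed
    return (isn_rfc793(now_usec) + int.from_bytes(digest[:4], "big")) % MOD


def extrapolate(observed_isn, elapsed_usec):
    """The ISN an observer expects elapsed_usec after seeing observed_isn."""
    return (observed_isn + elapsed_usec // TICK_USEC) % MOD


def compare(secret=b"constructed-demo-secret"):
    """Return (counter_guessable, keyed_guessable) for constructed inputs."""
    t1, gap = 1_000_000, 250_000                       # constructed times, usec
    own = ("192.0.2.10", 40000, "198.51.100.5", 80)    # observer's connection
    other = ("192.0.2.99", 40001, "198.51.100.5", 80)  # someone else's connection
    counter_guessable = extrapolate(isn_rfc793(t1), gap) == isn_rfc793(t1 + gap)
    keyed_guessable = (extrapolate(isn_keyed(t1, own, secret), gap)
                       == isn_keyed(t1 + gap, other, secret))
    return counter_guessable, keyed_guessable


if __name__ == "__main__":
    print(compare())
```

With the keyed offset, sequence numbers still advance with the clock within one connection, but an ISN seen on one connection no longer reveals the ISN the same host will choose for a different address and port pair.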
CITS3002 Computer Networks, Lecture 11, Security of TCP/IP, p9, 15th May 2024.