New User, Welcome!     Login

IP fragmentation

A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

you may appreciate, this enables DNS cache poisoning for OpenBSD
much like my earlier attacks on BIND 9, BIND 8 and Microsoft
Windows DNS server.

Interestingly enough, OpenBSD uses a flavor of this PRNG for
another field, this time the IP fragmentation ID, part of the
OpenBSD kernel network stack. The analysis carries out quite
similarly to show that OpenBSD's IP ID is predictable as well,
which gives way to O/S fingerprinting, idle-scanning, host alias
detection, traffic analysis, and in some cases, even to TCP blind
data injection.

Update+Errata: Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

> you may appreciate, this enables DNS cache poisoning for OpenBSD
> much like my earlier attacks on BIND 9, BIND 8 and Microsoft
> Windows DNS server.
>
> Interestingly enough, OpenBSD uses a flavor of this PRNG for
> another field, this time the IP fragmentation ID, part of the
> OpenBSD kernel network stack. The analysis carries out quite
> similarly to show that OpenBSD's IP ID is predictable as well,
> which gives way to O/S fingerprinting, idle-scanning, host alias
> detection, traffic analysis, and in some cases, even to TCP blind
> data injection.

Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

> Interestingly enough, OpenBSD uses a flavor of this PRNG for
> another field, this time the IP fragmentation ID, part of the
> OpenBSD kernel network stack. The analysis carries out quite
> similarly to show that OpenBSD's IP ID is predictable as well,
> which gives way to O/S fingerprinting, idle-scanning, host alias
> detection, traffic analysis, and in some cases, even to TCP blind
> data injection.

Can you expound upon the blind TCP injection allowed by IP ID
prediction?

RE: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

> Subject: Re: A paper by Amit Klein (Trusteer): "OpenBSD DNS
> Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"
>
> > Interestingly enough, OpenBSD uses a flavor of this PRNG
> for another
> > field, this time the IP fragmentation ID, part of the
> OpenBSD kernel
> > network stack. The analysis carries out quite similarly to
> show that
> > OpenBSD's IP ID is predictable as well, which gives way to O/S
> > fingerprinting, idle-scanning, host alias detection,


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!