Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!rutgers!aramis.rutgers.edu!geneva.rutgers.edu!hedrick
From: hedrick@geneva.rutgers.edu (Charles Hedrick)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Sequence numbers provide security?? (Bellovin's article)
Message-ID:
Date: 9 May 89 00:16:03 GMT
References: <8905081540.AA07029@TIS.COM>
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 20

Being able to predict TCP sequence numbers is relevant because it allows one to be able to give commands over a one-way link. This means that gateways (routers) don't provide as much security as they seem to.

We've known for a long time that it is easy to fake IP source addresses. So at first glance security based on source address doesn't look very useful. The counterargument was always "well, sure they can fake a source address, but the other direction will go back to the real machine, not the imposter, so the imposter can't get a real connection going". If the imposter can guess the sequence number that the other end is going to use, then it can probably dummy up an ACK field that will let the connection stay open long enough to send a command.

I now believe that if you're going to depend upon IP source addresses (and from a practical point of view that may still be the only tool some of us have), you should set up your gateways to compare the claimed IP source address with the actual packet source. E.g. Rutgers might set up all exterior gateways to reject packets coming from the outside with source addresses of 128.6.x.x (our class B address). Similarly, the CS department might reject all packets physically from outside our department with a source address on one of our departmental networks.
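The gateway check proposed in the post, worked through as an added example (this is not code from the post or from Rutgers; it is an illustration of the policy). It generalizes the two cases Hedrick gives into one rule: every interface of a gateway is paired with the prefixes that legitimately sit behind it, and a packet is accepted only if its claimed source address is consistent with the interface it physically arrived on. Applied at the exterior interface this is exactly "reject packets from outside with a 128.6.x.x source"; applied at an interior interface it also catches inside hosts sending packets with forged outside addresses, which the post does not ask for but which the same comparison gives for free. The 128.6.0.0/16 prefix is the Rutgers class B named in the post; the interface names, the departmental subnet 128.6.4.0/24 and the outside addresses are made up for the example.

```python
import ipaddress

# Constructed topology for a campus exterior gateway (not from the post beyond
# the 128.6.0.0/16 prefix).  Each interior interface lists the prefixes that
# legitimately live behind it; the exterior interface (value None) is the
# default and carries every source not claimed by an interior interface.
CAMPUS_GATEWAY = {
    "exterior": None,
    "campus": [ipaddress.ip_network("128.6.0.0/16")],
}

# Hypothetical departmental gateway inside the campus.  Its inside prefix is a
# made-up subnet, and "exterior" here means the rest of the campus and beyond.
DEPT_GATEWAY = {
    "exterior": None,
    "department": [ipaddress.ip_network("128.6.4.0/24")],
}


def expected_interface(src, gateway):
    """Return the interface a packet with source address `src` should arrive on.

    A source inside an interior prefix belongs on that interface; any other
    source belongs on the default (exterior) interface.
    """
    ip = ipaddress.ip_address(src)
    for iface, prefixes in gateway.items():
        if prefixes is not None and any(ip in net for net in prefixes):
            return iface
    return next(iface for iface, prefixes in gateway.items() if prefixes is None)


def check_source(arrived_on, src, gateway=CAMPUS_GATEWAY):
    """Compare the claimed source address with the actual arrival interface.

    Returns (verdict, reason), where verdict is "accept" or "drop".
    """
    if arrived_on not in gateway:
        raise ValueError(f"unknown interface {arrived_on!r}")
    expected = expected_interface(src, gateway)
    if expected == arrived_on:
        return "accept", f"source {src} is consistent with interface {arrived_on!r}"
    return "drop", (f"source {src} belongs behind {expected!r} "
                    f"but arrived on {arrived_on!r}")


def demo():
    """Run the filter over constructed packets; returns the list of verdicts."""
    packets = [
        # (gateway, arrival interface, claimed source address)
        (CAMPUS_GATEWAY, "exterior", "128.6.4.1"),   # inside address from outside: spoofed
        (CAMPUS_GATEWAY, "exterior", "192.0.2.5"),   # outside address from outside: fine
        (CAMPUS_GATEWAY, "campus",   "128.6.4.1"),   # inside address from inside: fine
        (CAMPUS_GATEWAY, "campus",   "192.0.2.5"),   # outside address leaving campus: spoofed
        (DEPT_GATEWAY,   "exterior", "128.6.4.9"),   # departmental address from elsewhere: spoofed
        (DEPT_GATEWAY,   "exterior", "128.6.10.3"),  # other campus address from campus: fine
    ]
    verdicts = []
    for gateway, iface, src in packets:
        verdict, reason = check_source(iface, src, gateway)
        verdicts.append(verdict)
        print(f"{iface:>10} {src:<12} {verdict:<6} {reason}")
    return verdicts


if __name__ == "__main__":
    demo()
```

Two caveats worth keeping in mind when deploying the real thing. The check only protects trust that is placed in inside addresses: an outsider can still claim any other outside address, and a host on the same segment as the victim is never seen by the gateway at all. And it does nothing about the sequence-number guessing itself; it just denies the guesser the inside source address that would make the forged connection worth anything.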