Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!A.ISI.EDU!CERF
From: CERF@A.ISI.EDU
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Sequence numbers provide security?? (Bellovin's article)
Message-ID: <[A.ISI.EDU]14-May-89.11:18:14.CERF>
Date: 14 May 89 15:18:00 GMT
References: <8905081540.AA07029@TIS.COM>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 21

David,

The sequence numbers on TCP are intended to support sequenced, non-duplicative data delivery from source to sink. The 3-way handshake is supposed to help filter out accidental spoofing caused by old duplicate connection initiation sequences or other old data packets. This is a sort of authentication, but by no means proof against active spoof attacks of the sort envisioned by Bellovin.

Authentication in the sense of source/sink identity is surely not the province of the sequence number/IP address mechanisms since they are obviously penetrable in the absence of cryptographic mechanisms.

I think Bellovin was focusing more on data integrity and on the ease with which one might fool an innocent TCP implementation, not so much to argue that the TCP sequence number and 3-way handshake were bad but that something in addition was needed to deal with authentication of origin.

Vint
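The distinction Cerf draws, that the handshake's acknowledgement check filters stale segments but says nothing about who sent them, can be seen in a toy model of the client side of the RFC 793 three-way handshake. This is an added example written for this page, not code from the post or from any TCP implementation; the names Segment and ActiveOpener, and the constructed segments, are assumptions.

```python
# Added toy model (not from the post, not a real TCP stack) of the RFC 793
# SYN-SENT acknowledgement check. Names (Segment, ActiveOpener) are assumptions.
from dataclasses import dataclass
from typing import Optional

MOD = 2 ** 32  # sequence numbers are 32-bit; arithmetic wraps


@dataclass
class Segment:
    src: str            # claimed source address; nothing below verifies it
    syn: bool = False
    ack: bool = False
    rst: bool = False
    seq: int = 0
    ack_num: int = 0


class ActiveOpener:
    """Client side of the handshake: sends SYN with its ISN and accepts a
    SYN-ACK only if it acknowledges exactly ISN+1 (RFC 793 SYN-SENT rules)."""

    def __init__(self, isn: int):
        self.isn = isn % MOD
        self.state = "SYN-SENT"
        self.peer_isn: Optional[int] = None

    def syn(self) -> Segment:
        return Segment(src="client", syn=True, seq=self.isn)

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Process one segment while in SYN-SENT; return the reply, if any."""
        if self.state != "SYN-SENT":
            return None
        if seg.ack and seg.ack_num != (self.isn + 1) % MOD:
            # An ack that does not match our ISN+1 is stale (e.g. an old
            # duplicate from an earlier incarnation): reply <SEQ=SEG.ACK><CTL=RST>.
            return Segment(src="client", rst=True, seq=seg.ack_num)
        if seg.syn and seg.ack:
            # Freshness check passed. seg.src played no part in it: the
            # handshake filters old data, it does not authenticate origin.
            self.state = "ESTABLISHED"
            self.peer_isn = seg.seq
            return Segment(src="client", ack=True,
                           seq=(self.isn + 1) % MOD,
                           ack_num=(seg.seq + 1) % MOD)
        return None
```

Feeding the opener a SYN-ACK with a wrong acknowledgement number produces the RST and leaves it in SYN-SENT, while any segment carrying the right number is accepted regardless of the address it claims, which is exactly why Cerf calls this "a sort of authentication" rather than proof of identity.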