Solved

Why do sequence numbers jump?

Posted on 2004-09-01
6
526 Views
Last Modified: 2008-03-10
Looking at this:
http://mvpbaseball.cc/capture.jpg

It says  
Sequence number :     58401
Next Sequence number:59346

What happend to to 58402? lol

Thanks, been wondering this a while
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 250 total points
ID: 11960050
TCP Sequence Numbers are deliberately randomized to prevent, or at least make it harder for, an attacker to guess the next number in a TCP session and thereby be able to forge packets that might be accepted by one host (or both hosts) in a TCP conversation. There's this specific vulnerabilty, as an example:

http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

And this is a more general discussion:

http://lcamtuf.coredump.cx/newtcp/

This isn't new. The idea was first floated in 1989 by a Bell Labs research paper. However, it wasn't until the late 90s before vendors began to seriously address the issue, and for M$, it was, predictably, even longer (they essentially used the same TCP/IP stack from W9x thru W2K).

The "fix" is to randomize TCP sequence numbers - tools like nmap can use sequencing as a tool to "fingerprint" an OS, based on the behaviour of its TCP/IP stack (among other things, but I understand this is a reliable way to identify M$ garbage). Different platforms do this different ways. For example, in Solaris, you can modify /etc/default/inetinit and increase the value of the TCP_ISS_STRONG setting to affect how the OS randomizes its TCP sequencing. Tools like nmap will also report the vulnerability of given implementations.
0
 
LVL 4

Accepted Solution

by:
HackLife earned 250 total points
ID: 11960104
No. The Sequence number is 58401

The packet length for that sequent number is 945

58401 + 945 = 59346

The next Sequence number is 59346

945 + 20 (IP Header) + 20 (TCP Header) = 985

985 = Total Length.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11960197
PsiCop is actually referring to the initial sequence number, which IS randomized.
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11960236
Oh, and not every system generates the sequence number this way....
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 250 total points
ID: 11960694
Yes, I got off on a tangent and failed to distinguish between ISNs and what dissolved was asking about. Didn't mean to confuse.
0
 

Author Comment

by:dissolved
ID: 11962252
Thanks guys
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question