Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 596
  • Last Modified:

Why do sequence numbers jump?

Looking at this:
http://mvpbaseball.cc/capture.jpg

It says  
Sequence number :     58401
Next Sequence number:59346

What happend to to 58402? lol

Thanks, been wondering this a while
0
dissolved
Asked:
dissolved
  • 3
  • 2
5 Solutions
 
PsiCopCommented:
TCP Sequence Numbers are deliberately randomized to prevent, or at least make it harder for, an attacker to guess the next number in a TCP session and thereby be able to forge packets that might be accepted by one host (or both hosts) in a TCP conversation. There's this specific vulnerabilty, as an example:

http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

And this is a more general discussion:

http://lcamtuf.coredump.cx/newtcp/

This isn't new. The idea was first floated in 1989 by a Bell Labs research paper. However, it wasn't until the late 90s before vendors began to seriously address the issue, and for M$, it was, predictably, even longer (they essentially used the same TCP/IP stack from W9x thru W2K).

The "fix" is to randomize TCP sequence numbers - tools like nmap can use sequencing as a tool to "fingerprint" an OS, based on the behaviour of its TCP/IP stack (among other things, but I understand this is a reliable way to identify M$ garbage). Different platforms do this different ways. For example, in Solaris, you can modify /etc/default/inetinit and increase the value of the TCP_ISS_STRONG setting to affect how the OS randomizes its TCP sequencing. Tools like nmap will also report the vulnerability of given implementations.
0
 
HackLifeCommented:
No. The Sequence number is 58401

The packet length for that sequent number is 945

58401 + 945 = 59346

The next Sequence number is 59346

945 + 20 (IP Header) + 20 (TCP Header) = 985

985 = Total Length.
0
 
HackLifeCommented:
PsiCop is actually referring to the initial sequence number, which IS randomized.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
HackLifeCommented:
Oh, and not every system generates the sequence number this way....
0
 
PsiCopCommented:
Yes, I got off on a tangent and failed to distinguish between ISNs and what dissolved was asking about. Didn't mean to confuse.
0
 
dissolvedAuthor Commented:
Thanks guys
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now