
TCP sequence prediction attack

 
Wikipedia: TCP sequence prediction attack


A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection, which can be used to counterfeit packets.

The attacker hopes to correctly guess the sequence number to be used by the sending host. If they can do this, they will be able to send counterfeit packets to the receiving host which will seem to it to originate from the sending host, even though the counterfeit packets may in fact originate from some third host controlled by the attacker.

If an attacker can cause delivery of counterfeit packets of this sort, he or she may be able to cause various sorts of mischief, including the injection into an existing TCP connection of data of the attacker's choosing, and the premature closure of an existing TCP connection by the injection of counterfeit packets with the FIN bit set.

Theoretically, other information, such as timing differences or information from lower protocol layers, could allow the receiving host to distinguish authentic TCP packets sent by the sending host from counterfeit TCP packets carrying the correct sequence number sent by the attacker.

If such other information is available to the receiving host, if the attacker cannot also fake that other information, and if the receiving host gathers and uses the information correctly, then the receiving host may be fairly immune to TCP sequence prediction attacks. Usually this is not the case, so the TCP sequence number is the primary means of protection of TCP traffic against these types of attack.
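
The sequence number protects a connection because the receiver drops any segment whose sequence number falls outside its current receive window. The following added example (not part of the original article) implements that acceptability test as specified in RFC 9293, section 3.10.7.4, including 32-bit wraparound, and counts how many of the 2^32 possible values would pass it; the connection values are constructed for illustration.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def segment_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """RFC 9293 section 3.10.7.4 test; seg_len counts data bytes plus SYN/FIN."""
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq % MOD == rcv_nxt % MOD
        return in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False  # nothing that occupies sequence space fits a closed window
    last = seg_seq + seg_len - 1  # sequence number of the segment's final byte
    return in_window(seg_seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)


def acceptable_value_count(seg_len, rcv_wnd):
    """How many of the 2**32 sequence values pass the test above."""
    if seg_len == 0:
        return max(rcv_wnd, 1)
    if rcv_wnd == 0:
        return 0
    # Either the first or the last byte may fall inside the window.
    return min(rcv_wnd + seg_len - 1, 2 * rcv_wnd)


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 65535  # constructed; window spans the wrap
    for seq, length, label in [
        (0xFFFFFF00, 100, "next expected byte"),
        (0x00000010, 100, "in window, after wraparound"),
        (0x7FFFFFFF, 100, "far outside the window"),
        (0xFFFFFEFF, 1, "one below the window (e.g. a bare FIN)"),
    ]:
        ok = segment_acceptable(seq, length, rcv_nxt, rcv_wnd)
        verdict = "accept" if ok else "drop"
        print(f"seq={seq:#010x} len={length:<4} {verdict:6} ({label})")
    share = acceptable_value_count(1, rcv_wnd) / MOD
    print(f"share of sequence space accepted for a 1-byte segment: {share:.6%}")
```

The accepted share grows with the receive window, so the protection the sequence number gives depends on the window size as well as on how unpredictable the number is.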


Copyrights:

Wikipedia. This article is licensed under the Creative Commons Attribution/Share-Alike License. It uses material from the Wikipedia article "TCP sequence prediction attack".