Topic: Initial Sequence Number Calculation
Manu Zacharia (-M-)
 « on: September 19, 2006, 10:23:02 AM »

Hi All,

Recently I came across an article about Initial Sequence Number. The article says:

Quote
>>A Sequence number is a 32-bit number ranging from 1 to 4,294,967,295.
>> At bootstrapping time, the ISN is assigned a value of 1.
>> The ISN gets incremented by 128,000 every second and with every connection being established, it gets incremented by 64,000.

Now at one particular instance, if the ISN is 12345 (for example), what will be the ISN after the system is restarted? Will it be reset to 1 or is it stored somewhere in the address? More discussion or links to this topic will be really good.

Regards,

Morpheus

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
ryan

 « Reply #1 on: September 19, 2006, 12:30:18 PM »

As far as I can tell from the TCP specification, the ISN doesn't have to be set to 1 at bootstrap time to meet standards, but to answer your question directly: if it IS set to one at bootstrap, then yes, once a machine is restarted the ISN would be 1 again. This is all laid out in RFC 793 (TCP): http://rfc.sunsite.dk/rfc/rfc793.html

For more information on how more secure implementations SHOULD generate/permute ISNs, check out Steven Bellovin's RFC on ISNs: http://rfc.sunsite.dk/rfc/rfc1948.html

Also, for info on how most implementations actually do their ISN generation/permutations (which is poorly for the most part), read Michal Zalewski's research here: http://lcamtuf.coredump.cx/oldtcp/tcpseq.html#abs and here: http://lcamtuf.coredump.cx/newtcp/

-Ryan
 « Last Edit: September 19, 2006, 01:40:22 PM by ryan »
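
An added example, not part of either post or of any code from the cited documents: it puts the counter scheme from the quoted article next to the RFC 1948 construction, ISN = M + F(localhost, localport, remotehost, remoteport), where F is MD5 over the connection tuple and a secret. The function names, addresses, ports, secrets, and the choice to take the first 32 bits of the digest are assumptions made for illustration.

```python
import hashlib
import socket
import struct

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def legacy_isn(uptime_s, connections):
    """Counter scheme from the quoted article: 1 at boot, +128,000 per
    second of uptime, +64,000 per connection. Nothing survives a reboot."""
    return (1 + 128_000 * uptime_s + 64_000 * connections) % MOD


def rfc1948_isn(secret, laddr, lport, raddr, rport, clock_us):
    """ISN = M + F(localhost, localport, remotehost, remoteport).
    M is the 4-microsecond timer; F is MD5 over the tuple plus a secret.
    Assumption: F is the first 32 bits of the digest."""
    m = (clock_us // 4) % MOD
    conn = (socket.inet_aton(laddr) + struct.pack("!H", lport)
            + socket.inet_aton(raddr) + struct.pack("!H", rport))
    f = int.from_bytes(hashlib.md5(conn + secret).digest()[:4], "big")
    return (m + f) % MOD


def tuple_offset(secret, laddr, lport, raddr, rport):
    """F alone: the per-connection offset, which depends on the secret
    as well as on the four tuple fields."""
    return rfc1948_isn(secret, laddr, lport, raddr, rport, 0)


if __name__ == "__main__":
    # Constructed values for illustration only.
    print("legacy, fresh boot:        ", legacy_isn(0, 0))
    print("legacy, 10 s + 3 conns:    ", legacy_isn(10, 3))
    print("legacy, after reboot:      ", legacy_isn(0, 0))
    secret = b"constructed-boot-secret"
    a = tuple_offset(secret, "192.0.2.10", 80, "198.51.100.7", 40000)
    b = tuple_offset(secret, "192.0.2.10", 80, "198.51.100.7", 40001)
    print("rfc1948 offsets, two peers:", a, b)
```

In the counter scheme the value after a restart depends only on uptime and connection count, so it returns to 1; in the RFC 1948 form each connection tuple gets its own keyed offset on top of the clock.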
