.

Initial Sequence Number Calculation

<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Tue Sep 19, 2006 10:23 am

Initial Sequence Number Calculation

Hi All,

Recently I came across an article about Initial Sequence Number. The article says:

>>A Sequence number is a 32-bit number ranging from 1 to 4,294,967,295.
>> At bootstrapping time, the ISN is assigned a value of 1.
>> The ISN gets incremented by 128,000 every second and with every connection being established, it gets incremented by 64,000.


Now at one particular instance, if the ISN is 12345 (for example), what will be the ISN after the system is restarted? Will it be reset to 1 or is it stored somewhere in the address? More discussion or links to this topic will be really good.

Regards,

Morpheus
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

ryan.cartner

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Aug 15, 2006 12:26 pm

Post Tue Sep 19, 2006 12:30 pm

Re: Initial Sequence Number Calculation

I'm assuming you're talking about TCP ISN's, and the article you read was by Ankit Fadia?

As far as I can tell from the tcp specification, the ISN doesn't have to be set to 1 at bootstrap time to meet standards, but to answer your question directly if it IS set to one at bootstrap, then yes once a machine is restarted the ISN would be 1 again. This is all layed out in the rfc793 (TCP): http://rfc.sunsite.dk/rfc/rfc793.html

for more information on how more secure implementations SHOULD generate/permute ISN's check out steven bellovins RFC on ISN's: http://rfc.sunsite.dk/rfc/rfc1948.html

also, for info on how most implementations actually do their isn generation/permutations (which is poorly for the most part) read Michael Zalewski's research here: http://lcamtuf.coredump.cx/oldtcp/tcpseq.html#abs and here: http://lcamtuf.coredump.cx/newtcp/

-Ryan
Last edited by ryan.cartner on Tue Sep 19, 2006 1:40 pm, edited 1 time in total.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software