Question: Guessing or knowing the initial TCP sequence number (ISN) that a server will choose enables an attacker to establish a TCP connection. Please discuss if

Guessing or knowing the initial TCP sequence number (ISN) that a server will choose enables an attacker to establish a TCP connection. Please discuss if the following solutions are secure (to prevent hijacking etc.) against off-path attackers and why. [x]₃₂denotes truncation of x to the 32 least significant bits. K is a (permanent) secret key stored locally and only known to the server. H represents a secure hash function (e.g., SHA256) and its algorithm is publicly known. Also note that || means concatenation and current timestamp is represented as UNIX timestamp. You can assume that 4 tuple information (source / destination IP and port) are known to the attacker. (1) Server selects ISN as ISN = [H(K)]₃₂.

(2) Server computes ISN as follows: ISN = [H(source IP address XOR destination IP address XOR current timestamp XOR K)]₃₂.

(3) Server computes ISN as ISN = [H(source IP address || destination IP address || source port number || destination port number || current timestamp)]₃₂.

(4) Server selects ISN using a standard (i.e., publicly-known) pseudo random generator with K as a seed.

(5) Server selects ISN as ISN = [AES ECB(K, counter)]₃₂, where the counter is continuous from the previous communication session.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

A creative engineer suggests structuring the TLB so that not all the bits of the presented address need match to result in a hit. Suggest how this might be achieved, and what might be the costs and...

N 6 . 5 . Does a SYN flooding attack cause the victim server to freeze? N 6 . 6 . In the SYN flooding attack, why do we randomize the source IP address? Why can't we just use the same IP address? N 6...

CW_Specification_CSI_5_PDN_20/21 Read this coursework specification carefully, it tells you how you are going to be assessed, how to submit your coursework on-time and how (and when) youll receive...

make sure to solve the question correctly using python and follow the mentioned instructions and requirements in the assignment , also the requests should be in the client side and I want you to...

I have to create a program in C and I can't figure it out. The program has to read a source file. Please help. /******************************************************************** PROJECT: Glossary...

This question involves the use of AGGREGATE linear PYTHOIN regression on the Auto data set. (a) Perform a simple linear regression with mpg as the response and horsepower as the predictor. Describe...

can someone solve this Modern workstations typically have memory systems that incorporate two or three levels of caching. Explain why they are designed like this. [4 marks] In order to investigate...

Let X1, ..., Xn be independent r.v.s, each of which is symmetric about 0. Then the r.v. X1 + ... + Xn is also symmetric about 0.

Write everything according to the question. Note: It is related to the performance evaluation of General Trainer of Bounce Fitness. Pattern of Skill Gap (2) Skill Requirement of Job Role i. ii....

Computer Science fast fast pls pls 1 s t Normal Form ( 1 NF ) In the Ice Cream Shop Example, our client would like to implement ( 1 ) multiple Addresses for each Customer, and ( 2 ) multiple Category...

Seved Help 14 Wisconsin Snowmobile Corp. is considering a switch to level production Cost efficiencies would occur under level production, and aftertax costs would decline by $31,500, but inventory...

7. Remind employees about the process periodically, such as once a year, so that they know it is operational and effective.

6. Notify employees of the change. Announce the change to an online handbook in a way that ensures all employees will know about the new format. Consider a mandatory sign-on within the transition...

3. Research the various ADR options to determine which ones are the best fit for the organization. For example, peer review is most successful when there is a high level of trust within the workforce.