| TC: | 12102 | |
| Description: | When a connection is opened on a TCP port, an Initial Sequence Number (ISN) is assigned. If the ISN can be guessed, an attacker can more easily establish a connection while spoofing a legitimate user. This could give access to services that should not be reachable by any outsider. This test case checks whether the ISN is based on the 64k Rule. 64k Rule: The Berkeley implementation (and all derivatives) increments the ISN clock by 128,000 each second and by a further 64,000 for each new connection. | |
| TC Impact: | Attack |
| Vulnerability Publication: | N/A | |
| Advisory Copyright: | N/A | |
| Summary: | It is possible to spoof legitimate users to establish connections to your host. | |
| Risk: | High | |
| CVSS 2.0 metrics: | Access Vector: Network; Access Complexity: High; Authentication: None; Confidentiality Impact: Complete; Integrity Impact: Complete; Availability Impact: Complete | |
| CVSS 2.0 Base Score: | 7.6 |
| Vulnerability Impact: | Attack |
| Host Impact: | Prediction of ISN sequences allows an attacker to launch IP address spoofing and session hijacking attacks. | |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | Solution type: Upgrade Software. Check with vendor for a fixed stack. |
| References: | MISC: Defending Against Sequence Number Attacks: http://www.ietf.org/rfc/rfc1948.txt; MISC: RFC 793: http://www.ietf.org/rfc/rfc793.txt |
| CVE Link: | GENERIC-MAP-NOMATCH |
| Glossary: | IP, TCP, TCP ISN, TCP port, TCP/IP, TCP/IP Stack |