From owner-freebsd-security Thu Apr 12 7: 0:12 2001 Delivered-To: freebsd-security@freebsd.org Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84]) by hub.freebsd.org (Postfix) with ESMTP id 0319037B423 for ; Thu, 12 Apr 2001 07:00:10 -0700 (PDT) (envelope-from mikeallen99@home.com) Received: from home.com ([24.10.183.89]) by femail4.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010412135723.JHQR29484.femail4.sdc1.sfba.home.com@home.com>; Thu, 12 Apr 2001 06:57:23 -0700 Message-ID: <3AD5B6F9.64837442@home.com> Date: Thu, 12 Apr 2001 07:08:57 -0700 From: Mike Allen Organization: @Home Network X-Mailer: Mozilla 4.74 [en]C-AtHome0405 (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Mike Silbersack Cc: Mark T Roberts , freebsd-security@FreeBSD.ORG Subject: Re: non-random IP IDs References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You are right. Sorry for the confusion. I must be sleepy. :) Mike Allen Mike Silbersack wrote: > > On Wed, 11 Apr 2001, Mike Allen wrote: > > > Predictible IP ID numbers can be used by an attacker to hijack your > > session causing the following effects: > > > > 1. The successful attacker can 'take over' your session and > > do anything he/she wants to do with your files. No log > > You're confusing ip ids with tcp sequence numbers. ip ids have no such > importance. > > Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message