| 1 |
On Tue, 2004-04-20 at 23:18, Florian Weimer wrote: |
| 2 |
> Yes, indeed. IRC is another likely victim. |
| 3 |
For IRC you'd need to guess the source port too. The window reduces the |
| 4 |
combinations one must use to get a correct sequence number, but the way |
| 5 |
the source port is chosen still makes this attack rather hard. |
| 6 |
As such I don't see what the fuss is about, this is a known problem, see |
| 7 |
the article |WARL0RD| wrote in 2001: |
| 8 |
http://www.nologin.org/Downloads/Papers/tcp-brute-reset.txt |
| 9 |
|
| 10 |
- YY |
| 11 |
They that give up essential liberty to obtain a little temporary safety |
| 12 |
deserve neither liberty nor safety. |
| 13 |
- Benjamin Franklin |
Archives