But despite Monday's advisory, the ISN flaw is hardly a new problem. The architects of the early Internet knew that the lack of randomness in the way that ISN (Initial Sequence Numbers) are chosen would be a problem as far back as the mid-1980s and warned of the potential consequences. AT&T researchers submitted a paper to the Internet Engineering Task Force in 1996 proposing a fix for the problem.
Security vendor Guardent announced it has identified a potentially huge problem in the inner workings of TCP (Transmission Control Protocol), one half of the TCP/IP standard that enables Internet traffic to flow across heterogeneous networks.
The problem, which is nearly identical to one found in some implementations of Cisco Systems' IOS software two weeks ago and first reported by eWEEK, involves the manner in which machines running TCP select the ISN. The ISN, a random value known only to the two machines at either end of a TCP session, is used to help identify legitimate packets and prevent extraneous data from muddying a transmission.
ISN values are exchanged by the sending and receiving hosts and are supposed to be chosen randomly. Each successive packet then contains a sequence number that is based on the ISN plus the number of bytes transferred to the receiving host.
But if the ISN is not chosen at random or if it is increased by a non-random increment in subsequent TCP sessions, an attacker could guess the ISN, thereby enabling him or her to hijack the session's traffic, inject false packets into the stream or even launch a denial of service attack against individual Web servers.
