Use timestamps plus PRNG for TCP initial sequence number #24
Comments
|
Also see RFC 1948/6528 – timestamps have been augmented by a PRNG since to avoid sequence number attacks. |
|
@klickverbot Is there some source of truth for which RFCs are actually authoritative for TCP? RFC 793 is hopelessly outdated and has errata, RFC 1122 fixes some of that, highlights a few common errors, many of which I did make, but also piles completely useless junk on top of it (I think every ICMP message it specifically mentions except unreachables and echo request/reply is deprecated, strongly discouraged and ignored by any modern implementation). |
|
@whitequark: Unfortunately, I don't know of any up to date list of RFCs relevant for the various areas, but I found the review in RFC 7414 to be quite useful (from 2015). |
|
@klickverbot Thanks |
whitequark
changed the title
|
The timeouts for sending out IGMP reports could also use a PRNG. Could one be built with just an |
|
The TCP specification dictates a particular algorithm for the PRNG. While not great it's more complex than just the timestamp... |
We don't have a clock with the 4 us resolution as RFC 793 wants, but it's likely fine to use the 1 ms resolution clock too.
The text was updated successfully, but these errors were encountered: