What you have heard is true. Almost all of the modern operating systems should be able to generate Initial sequence number which is almost random with a time component. But in some OSes(Solaris 2.6 etc), the new algorithm is not enabled by default. You need to check whether this is enabled on your machines.
Raghu -----Original Message----- From: SB CH [mailto:[EMAIL PROTECTED] Sent: Friday, April 04, 2003 7:14 AM To: [EMAIL PROTECTED] Subject: session-hijacking is still available? Hello, all. if attacker can do session hijacking, he can know the seq number change, ack seq number change something like that. But I have heard that modern system like linux kernel 2.4.x or openbsd produce almost random seq number, so session hijacking is almost impossible thesedays. is it true or not? anyone still can session hijacking using session hijacking program like hunt? Thanks in advance. _________________________________________________________________ 확인하자. 오늘의 운세 무료 사주, 궁합, 작명, 전생 가이드 http://www.msn.co.kr/fortune/default.asp ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics This message is confidential and may also be legally privileged. If you are not the intended recipient, please notify [EMAIL PROTECTED] immediately. You should not copy it or use it for any purpose, nor disclose its contents to any other person. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of ADP Wilco. ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
