A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection, which can be used to counterfeit packets.[1]

The attacker hopes to correctly guess the sequence number to be used by the sending host. If they can do this, they will be able to send counterfeit packets to the receiving host which will seem to originate from the sending host, even though the counterfeit packets may in fact originate from some third host controlled by the attacker. One possible way for this to occur is for the attacker to listen to the conversation occurring between the trusted hosts, and then to issue packets using the same source IP address. By monitoring the traffic before an attack is mounted, the malicious host can figure out the correct sequence number. After the IP address and the correct sequence number are known, it is basically a race between the attacker and the trusted host to get the correct packet sent. One common way for the attacker to send it first is to launch another attack on the trusted host, such as a denial-of-service attack. Once the attacker has control over the connection, they are able to send counterfeit packets without getting a response.[2]

If an attacker can cause delivery of counterfeit packets of this sort, they may be able to cause various sorts of mischief, including the injection into an existing TCP connection of data of the attacker's choosing, and the premature closure of an existing TCP connection by the injection of counterfeit packets with the RST bit set, a TCP reset attack.

Theoretically, other information such as timing differences or information from lower protocol layers could allow the receiving host to distinguish authentic TCP packets from the sending host and counterfeit TCP packets with the correct sequence number sent by the attacker. If such other information is available to the receiving host, if the attacker can also fake that other information, and if the receiving host gathers and uses the information correctly, then the receiving host may be fairly immune to TCP sequence prediction attacks. Usually, this is not the case, so the TCP sequence number is the primary means of protection of TCP traffic against these types of attack.

Another solution to this type of attack is to configure any router or firewall to not allow packets to come in from an external source but with an internal IP address. Although this does not fix the attack, it will prevent the potential attacks from reaching their targets.[2]

See also

edit

References

edit
  1. ^ Bellovin, S.M. (1 April 1989). "Security Problems in the TCP/IP Protocol Suite". ACM SIGCOMM Computer Communication Review. 19 (2): 32–48. doi:10.1145/378444.378449. Retrieved 6 May 2011.
  2. ^ a b "TCP Sequence Prediction Attack". 6 April 2019.

📚 Artikel Terkait di Wikipedia

TCP reset attack

A TCP reset attack, also known as a forged TCP reset or spoofed TCP reset, is a way to terminate a TCP connection by sending a forged TCP reset packet

Transmission Control Protocol

be unpredictable to defend against TCP sequence prediction attacks. Acknowledgments (ACKs) are sent with a sequence number by the receiver of data to tell

Session hijacking

will not protect against attacks such as Firesheep. ArpON Cross-site request forgery HTTP cookie TCP sequence prediction attack Bugliesi, Michele; Calzavara

Network security

network Network Security Toolkit TCP Gender Changer – Method in computer networking TCP sequence prediction attack – Cyberattack involving counterfeit

Aircrack-ng

forensics and penetration testing) BackTrack, its predecessor TCP sequence prediction attack In the context of the FMS algorithm, votes represent the number

Intrusion detection system

the attacker will be under the radar and can easily bypass the detection system's ability to detect the attack signature. Avoiding defaults: The TCP port

IEEE 802.11

begins with an EtherType field, and here is no 802.2 header. Similar to TCP congestion control on the internet, frame loss is built into the operation

William Gibson

March 9, 2026. Retrieved January 28, 2021. Postel, J. (November 1981). NCP/TCP Transition Plan. IETF. doi:10.17487/RFC0801. RFC 801. Zakon, Robert H (November