【正文】 a “transponder” function could log excessive ping requests. Other, perhaps more applicable, timing measurement techniques would involve attempted TCP connections。 this eliminates all need to The Berkeley implementation of stat was dangerous, but not for the reasons that I gave here. It did list the open ports on the machine, 1 The stat protocol is obsolete, but is still present on some Inter hosts. Security concerns were not behind its elimination. as well as all current connections。T was via the proprietary Datakit work, which he didn’t know how to exploit. By the time of the Inter worm of 1988, this paper was already in substantially its current form. The result was an analysis (to the best of my ability。 we called the resuling work the “Bell Labs Inter” or the “Ramp。 （見 CERT建議的 CA 2020 09）。i p237。d224。q236。zǎi w zh232。 m233。njiē b249。 li225。 dāndng le jiām236。該計劃如 RFC 所描述1948[10]，采用了加密散列函數(shù)來創(chuàng)建一個單獨(dú)的序列號空間，為每一個 “ 連接 “ ，每一個連接被 RFC791[81]定義為唯一 4tuple本地主機(jī)，本機(jī)連接埠 ，遠(yuǎn)程主機(jī)，遠(yuǎn)程連接埠 。 初始序列號生成器性能是沒有問題的。為確定正確的參數(shù)需要更多的研究和模擬。當(dāng)然， CPU的速度迅速增加。顯然，只要按照規(guī)范的 TCP信是不夠的。為了簡便起見，我們將忽略其他連接發(fā)生的問題，只考慮改變此計數(shù)器的固定利率。收到 “ 序列號。（諷刺的是，我聽說的序列號的安全屬性分析，事實(shí)上，在世界上所做的分類，他們得出結(jié)論，這種攻擊并不可行 … ） 序列號攻擊的故事還沒有結(jié)束。這些系統(tǒng)有一個脆弱的 stat命令。在這種攻擊中，入侵者模擬一個主機(jī)已關(guān)閉。另外，我們可以等待，直到 T是日常保養(yǎng)或重新啟動了。不過，假設(shè)有一種方式是入侵者 X來預(yù)測 ISNS的。這確實(shí)是一個糟糕的做身份驗證的方法，但它不受任何官方標(biāo)準(zhǔn)的保護(hù)。一些我們討論的是從 Berkeley的 UNIX系統(tǒng)版本派生協(xié)議，其他都是通用的互聯(lián)網(wǎng)協(xié)議。伯克利的 “ R 事業(yè) “ [22]。 [54]在我看來，有些批評是有效的。一個是羅伯特 .莫里斯關(guān)于序列號猜測攻擊的發(fā)現(xiàn)，這些都是廣泛的討論如下。新詞“ 內(nèi)聯(lián)網(wǎng) ” 當(dāng)時還沒有被發(fā)明。我已經(jīng)離開了完整的參考，即使現(xiàn)在有更好的版本。 該論文中的 “ TCP/ IP協(xié)議套件的安全問題 ” 最初是在 1989年 4月《計算機(jī)通信研究》第 19卷第 2號出版。回顧那篇論文確實(shí)具有 指導(dǎo)意義。 本文是我的原創(chuàng)作品的回顧。我的實(shí)驗室有一個電線，另一個實(shí)驗室有第二個，有一個 “ 骨干 “ 聯(lián)系將這兩個實(shí)驗室聯(lián)系在一起。更糟糕的是（專有）地址分配給他的機(jī)器上的軟件沒有看到該網(wǎng)絡(luò)的任何（專有）地址分配服 務(wù) 器，因此它分配 。 到了 1988年的網(wǎng)絡(luò)蠕蟲時代，這個文件已經(jīng)在實(shí)質(zhì)上是它目前的形式。 在今天廣泛使用的 TCP/ IP協(xié)議套件 [41， 21]，是根據(jù)美國國防部的贊助而發(fā)展起來的。 我們并不關(guān)心特別是實(shí)現(xiàn)了協(xié)議的缺陷，如通過互聯(lián)網(wǎng)的 “ 蠕蟲 ” [95， 90， 38]。 文獻(xiàn) [54]的批評之一是，我已經(jīng)集中在 RFC中描述的標(biāo)準(zhǔn)化協(xié) 議中把伯克利特定協(xié)議添加到一起?？蛻舳诉x擇并發(fā)送一個初始序列號 ISNC，服務(wù)器確認(rèn)并發(fā)送自己的 序列號 iSNS和客戶確認(rèn)。 莫里斯指出，回復(fù)消息 ST中 SYN（ ISNS） ,ACK（ ISNX）其實(shí)不是一個黑洞消失了，而是真正的主機(jī) T將接受它，并試圖重新連接。直到凱文米特尼克重新實(shí)現(xiàn)莫里斯的理念，并用它來攻擊下村勉 [93]。事實(shí)上，發(fā)現(xiàn)前者是許多攻擊工具的主要功能塊。根本的問題是：怎樣的一個層的屬性是 “ 出口 “ 到一個更高的層？假設(shè)在任何較高太多以后是一個錯誤，它可以導(dǎo)致功能失靈的正確性以及安全性故障。 圖 1。不過，關(guān)鍵的因素是粒度，而不是平均水平。顯然，互聯(lián)網(wǎng)不會出現(xiàn)在長期 [64]這種穩(wěn)定的，但它往往是在短期，因此有 2500中為 iSNS的可能值的不確定性。高優(yōu)先級中斷，或略有不同的 TCB 分配順序，將對下一個序列號的實(shí)際價值較大的影響。事實(shí)上，由于大多數(shù)這類發(fā)電機(jī)的輸出通過反饋工作，敵人可以簡單地計算出下一個選出的 “ 隨機(jī) “ 數(shù)目。開機(jī)時間是不足夠的 。另一方面，也許更適用，定時測量技術(shù)包括 TCP連接嘗試，這些連接都明顯短命的，甚至可能不會完全和 SYN的處理。 RFC suǒ mi225。i chu224。i měi yīg232。i w233。 . Zh232。 wǒ suǒ xiǎng de n224。 233。ng d224。sh237。 zh242。這對 TCP在重復(fù)的數(shù)據(jù)包，一個是保證更高層次的正確性財產(chǎn)存在明顯的負(fù)面影響。 I intentionally did not consider implementation or operational issues. I felt—and still feel—that that was the right approach. Bugs e and go, and everyone’s operational environment is different. But it’s very hard to fix protocollevel problems, especially if you want to maintain patibility with the installed base. This paper is a retrospective on my original work. New mentary is shown indented, in a sans serif font. The original text is otherwise unchanged, except for possible errors introduced when converting it from troff to LATEX. I’ve left the references intact, too, even if there are better versions today. The reference numbers and pagination are, of course, different。 these are discussed extensively below. Another was the “Shadow Hawk” incident—a teenager broke into various ATamp。 others are generic Inter protocols. We are also not concerned with classic work attacks, such as physical eavesdropping, or altered or injected messages. We discuss such problems only in so far as they are facilitated or possible because of protocol problems. For the most part, there is no discussion here of vendorspecific protocols. We do discuss some problems with Berkeley’s protocols, since these have bee de facto standards for many vendors, and not just for UNIX systems. One of the criticisms in [54]) was that I had lumped Berkeleyspecific protocols together with standardized protocols described in RFCs. It’s quite clear from the preceeding paragraph that I understood the difference. However, the use of addressbased authentication—a major flaw that I criticize throughout the paper—was peculiar to Berkeley’s software。 the amount of variability in this processing is critical. On a 6 MIPS machine, one tick—4 μseconds—is about 25 instructions. There is thus considerable sensitivity to the exact instruction path followed. Highpriority interrupts, or a slightly different TCB allocation sequence, will have a paratively large effect on the actual value of the next sequence number. This randomizing effect is of considerable advantage to the target. It should be noted, though, that faster machines are more vulnerable to this attack, since the variability of the instruction path will take less real time, and hence affect the increment less. And of course, CPU speeds are increasing rapidly. This suggests another solution to sequence number attacks: randomizing the increment. Care must be taken to use sufficient bits。 my claim here that extra CPU load during TCP connection establishment was irrelevant was rendered obsolete by the advent of very large Web servers. Indeed, maximum TCP connection rate is a vital metric when assessing modern systems. Instead, many implementations use random ISNs or (especially) random increments. This has obvious negative effects on the correctness of TCP in the presence of duplicate packets, a property that is guaranteed to higher layers. (Also see the appendix of [52].) Worse yet, Newsham pointed out that by the central limit theorem, the sum of a sequence of random increments will have a normal distribution, which implies that the actual range of the ISNs is quite small. (see CERT Advisory CA202009). There ar