问题
I am currently trying to write a program that will be able to create stable a TCP connection and have complete control over the ISN numbers. I've been writing in C and I am at a point where my very limited knowledge has reached its limits and I was wondering if there's a better way of doing it.
What I tried was building the headers manually, using raw sockets to send and recieve the packets without the kernel interfering, which is a challenge.
So regardless of language, what do you reckon is the most efficient and easiest way of manipulating the ISN?
回答1:
Well, ISN is generatred in a random way to prevent ISN perediction attack (http://www.thegeekstuff.com/2012/01/tcp-sequence-number-attacks/).
The Linux Network stack, use the function tcp_v4_init_sequence to generate the ISN (http://lxr.free-electrons.com/source/net/ipv4/tcp_ipv4.c#L101), this function call secure_tcp_sequence_number function (http://lxr.free-electrons.com/source/net/core/secure_seq.c#L106) to do the job. Take a look at this function and try to clone it so can use it with your code from userspace.
If you have enough time you can look at section 3 of the RFC 6528 (http://www.rfc-editor.org/rfc/rfc6528.txt), it describe an algorithm on how to generate ISN:
ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
And try to implement it, if you want :)
来源:https://stackoverflow.com/questions/12223002/most-efficient-way-to-manipulate-isn-numbers-in-tcp-headers