Postel, J., "RFC 793: TRANSMISSION CONTROL PROTOCOL: DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION," September 1981.
Eastlake, D., Crocker, S., Schiller, J., "RFC 1750: Randomness Recommendations for Security," December 1994.
Bellovin, S., "RFC 1948: Defending Against Sequence Number Attacks," May 1996.
Heffernan, A., "RFC 2385: Protection of BGP Sessions via the TCP MD5 Signature Option," August 1998.
Thayer, R., Doraswamy, N., Glenn, R., "RFC 2411: IP Security Document Roadmap," November 1998.
CERT� Advisory CA-1995-01: IP Spoofing Attacks and Hijacked Terminal Connections
CERT� Advisory CA-1996-21: TCP SYN Flooding and IP Spoofing Attacks
A Weakness in the 4.2BSD UNIX TCP/IP Software, Morris, R.,
Computing Science Technical Report No 117, ATT Bell Laboratories,
Murray Hill,New Jersey, 1985.
Security Problems in the TCP/IP Protocol Suite, Bellovin, S.,
Computer Communications Review, April 1989.
Simple Active Attack Against TCP, Joncheray, L., Proceedings,
5th USENIX UNIX Security Symposium, June 1995.
Newsham, T., "Guardent White Paper: The Problem with Random Increments," February 2001.
Zalewski, M., "Razor Paper: Strange Attractors and TCP/IP Sequence Number Analysis," April 2001.
Virtual Laboratories in Probability and Statistics, Random Samples Section 5: The Central Limit Theorem
Havrilla, J., "CERT Vulnerability Note VU#498440: Multiple TCP/IP implementations may use statistically predictable initial sequence numbers", March 2001.
The CERT/CC thanks Guardent, Inc. and BindView for their invaluable
contributions to this advisory. We also thank all the vendors who
participated in the discussion about this vulnerability and proposed
We also thank the following people for their individual contributions
to this advisory:
Copyright 2002 Carnegie Mellon University.