aleks224 2 days ago
This was great to read. Related: Morris also discovered the predictable TCP sequence number bug and described it in his paper in 1985 http://nil.lcs.mit.edu/rtm/papers/117.pdf. Kevin Mitnick describes how he met some Israeli hackers with a working exploit only in 1994 (9 years later) in his book "Ghost in the Wires" (chapter 33). I tried to chronicle the events here (including Jon Postel's RFC that did not specify how the sequence number should be chosen) https://akircanski.github.io/tcp-spoofing
tptacek a day ago
Mitnick's use of the sequence number spoofing exploit was a super big deal at the time; it's half of the centerpiece of his weird dramatic struggle with Tsutomu Shimomura, whose server he broke into with that exploit (the other half was Shimomura helping use radio triangulation to find him). Mitnick didn't write any of this tooling --- presumably someone in jsz's circle did --- but it also wasn't super easy to use; spoofing tools of that vintage were kind of a nightmare to set up.