Connection Desynchronization

  • Connection Desynchronization

    The purpose of the TCP 3-way handshake is to establish a connection and part of this is synchronizing the sequence numbers for both ends of the connection.
    The two ends exchange packets that set the sequence number for further data transfer. This is the exchange of the Initial Sequence Number (ISN) for both the server and the client participating. Each packet in this continuous transfer has a sequence number and a subsequent acknowledgement number starting from the ISN and increasing as traffic is being transferred.
    Desynchronizing a connection involves breaking the flow of sequence numbers between the target and the host the target is communicating with. This is useful in the case of session hijacking, not to take over the connection but to prevent the target from participating in communication on the stolen connection. Performing a session hijacking attack on the TCP level requires the attacker to track the sequence numbers going back and forth between the two ends of the connection so the attacker can inject traffic with the correct sequence numbers. If the sequence numbers do not align with the receiving end, the attack will fail. To increase the chance of launching a successful attack on a client communicating with a server, the attacker may inject a large number of null packets to increase the sequence numbers on the server so that the client is desynchronized and no longer uses sequence numbers the server will accept, hence taking it out of the picture. When the client is no longer a participant, the sequence numbers are more predictable as there will be less traffic to affect the server's numbering.
    Certified Security Geek
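
The desynchronized state described in the post above can be seen from the client's side, shown here as an added detection example that is not part of the original post. It assumes a capture taken on the client host and reduced to hypothetical `(sender, seq, ack, payload_len)` tuples; the function names, the sample trace and the storm threshold are constructed for illustration.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def seq_gt(a, b):
    """True if sequence number a comes after b in modular arithmetic."""
    return a != b and (a - b) % MOD < MOD // 2

def find_desync(segments, storm_threshold=3):
    """Return (index, reason) findings for a post-handshake segment list.

    segments: (sender, seq, ack, payload_len), sender is 'client' or 'server'.
    storm_threshold is a heuristic chosen for this example.
    """
    snd_nxt = {}     # highest seq+len observed from each side
    findings = []
    empty_acks = 0   # consecutive zero-length segments
    for i, (sender, seq, ack, length) in enumerate(segments):
        peer = "server" if sender == "client" else "client"
        # An ACK past anything the peer was seen sending means the sender
        # accepted bytes the peer did not produce.
        if peer in snd_nxt and seq_gt(ack, snd_nxt[peer]):
            extra = (ack - snd_nxt[peer]) % MOD
            findings.append((i, f"{sender} acknowledges {extra} bytes {peer} never sent"))
        end = (seq + length) % MOD
        if sender not in snd_nxt or seq_gt(end, snd_nxt[sender]):
            snd_nxt[sender] = end
        # Both ends rejecting each other's numbers answer with bare ACKs.
        empty_acks = empty_acks + 1 if length == 0 else 0
        if empty_acks == storm_threshold:
            findings.append((i, "ACK storm: repeated empty ACKs with no progress"))
    return findings

# Constructed trace; the client's sequence numbers wrap past 2**32.
CLEAN = [
    ("client", 4294967000, 1000, 200),
    ("server", 1000, 4294967200, 100),
    ("client", 4294967200, 1100, 150),   # ends at sequence number 54 after wrap
    ("server", 1100, 54, 0),
]
# Server now acknowledges 554 although the client only reached 54.
DESYNCED = CLEAN + [
    ("server", 1100, 554, 0),
    ("client", 54, 1100, 0),
    ("server", 1100, 554, 0),
]

if __name__ == "__main__":
    for index, reason in find_desync(DESYNCED):
        print(index, reason)
```

The first check is the one a receiving TCP stack itself applies to an acknowledgement for data it has not yet sent; the empty-ACK counter is only a coarse signal and can also fire on benign traffic such as repeated keepalives.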