In message <200004262133.GAA22662@necom830.hpcl.titech.ac.jp>, Masataka Ohta writes:
> To avoid connection hijacking, cookies, such as TCP port and sequence
> numbers, are enough, if they are long enough.
That's preposterous. Long-enough numbers are good *if* and only if there are
no eavesdroppers present. We learned in 1993 that eavesdroppers are present
on the Internet. As for hijacking -- see
@inproceedings{hijack,
title = {A Simple Active Attack Against {TCP}},
author = {Laurent Joncheray},
year = 1995,
booktitle = {Proceedings of the Fifth Usenix \Unix\ Security Symposium},
address = {Salt Lake City, UT}
}
for a description of how to take over connections in today's world if you can
see packets from it. Again, we don't have to assume that our enemies are
capable of it; we have empirical evidence.
> You may use optional IPSEC over it for extra security (it is more
> secure primarily because IPSEC keys are long cookies), but you
> don't need it.
Nonsense. IPsec provides more security because the keys never travel over the
wire in the clear. Yes, key length is necessary to avoid guessing but it's
very far from sufficient.
--Steve Bellovin