What is a TCP Sequence Prediction Attack and How Does it Affect

There are many security attacks we can suffer on a network: threats carried out by cybercriminals with the aim of stealing information, disrupting the proper functioning of systems and, ultimately, compromising our privacy. In this article we explain what TCP sequence prediction attacks are. It is a problem that can affect us, and it is worth knowing what it involves.


What do TCP and sequence numbers mean

The acronym TCP stands for Transmission Control Protocol. It is a connection-oriented protocol: a connection must be established between a sender and a receiver before any data is passed between them. That connection setup is what is known as the “3-way handshake.”

A client (the sender) transmits a segment to a server (the receiver) to request that a connection be established. This segment is a TCP packet carrying the SYN (synchronize) flag. The server responds with a SYN-ACK segment, a TCP packet that acknowledges the request and carries the server's own synchronization. The client then completes the handshake with a third segment, an ACK, and only at that point is the TCP connection established.

Then there is the sequence number. The segment sent by the client also includes additional information: the source port, the destination port, and the initial sequence number or ISN. The ISN is a value generated by the client's TCP stack. The SYN-ACK segment returned by the server acknowledges that ISN (its acknowledgement number is the client's ISN plus one) and carries a second ISN, chosen by the server for its own direction of the connection.

Sequence numbers therefore play an important role in TCP communications. A sequence number is the number that TCP associates with the first byte of data in a particular segment; the receiver uses it to put the data in order and to decide whether a segment belongs to the connection at all.

What are TCP sequence prediction attacks

In summary, a TCP sequence prediction attack consists of predicting the sequence number that will be used to identify the segments of a TCP connection. With that number, an attacker can forge packets that the receiver accepts as genuine, putting security at risk.

The attacker’s objective is to find out the sequence number that the host about to send a packet will use. If the attacker learns that number, they can send forged packets to the destination host that look legitimate and appear to have been sent by a host the destination trusts.

In other words, the packets have been created by a third party and do not originate from the legitimate host. How is this achieved? One way is by listening to the conversation between two trusted hosts and then sending packets using the same source IP address as one of them.

By monitoring the traffic before the attack takes place, the attacker obtains the sequence number, which is then used together with the spoofed IP address to send forged packets before the legitimate host does.

To ensure that the legitimate host does not send its packets first (or answer, with a reset, traffic that arrives in its name), cybercriminals sometimes carry out a denial-of-service attack against that host. Once the attacker controls the connection, they can send as many fake packets as they want; they never see the replies, which go to the spoofed address, but they do not need them.


What Happens in a TCP Sequence Prediction Attack

We have seen what a TCP sequence prediction attack consists of. It is also important to know what can happen if an attacker succeeds in sending forged packets.

One result of this type of threat is what is known as injection into a TCP connection: the attacker injects data of their choosing into the stream, and the receiver treats it as if it came from the other end. Another is the closure of an existing TCP connection, when the forged segment is a reset (RST) carrying a sequence number the receiver accepts.
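The following simulation is an added example written for this article; it is not code from the original page. It models the handshake arithmetic described above (acknowledgement number = peer's ISN + 1), the reconnaissance and blind spoofing steps of the attack, and the two outcomes just mentioned: injected data and a forged reset. The server, the addresses, the fixed-step ISN generator and the "forged command" payload are all constructed for the model; the step size and the 10.0.0.x addresses are assumptions, and the attacker's own address is assumed not to be the trusted one.

```python
# Toy model of TCP's 3-way handshake and of a blind ISN-prediction attack. Constructed
# example, not a real TCP stack: a passive-open server keeping one connection per peer
# address, two ISN generators, and an attacker that samples ISNs, predicts, and spoofs.
import random
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers wrap at 32 bits

@dataclass
class Segment:
    src: str        # source address; the server keys its connections on it
    seq: int
    ack: int
    flags: frozenset
    data: bytes = b""

class PredictableISN:
    """ISN advances by a fixed step per connection (start/step values are assumptions)."""
    def __init__(self, start=1000, step=64000):
        self.nxt, self.step = start, step
    def __call__(self):
        isn, self.nxt = self.nxt, (self.nxt + self.step) % MOD
        return isn

class RandomISN:
    """Unpredictable ISN, the modern mitigation (RFC 6528 uses a keyed hash)."""
    def __call__(self):
        return random.SystemRandom().getrandbits(32)

class Server:
    def __init__(self, ip, isn_gen):
        self.ip, self.isn_gen, self.conns = ip, isn_gen, {}

    def abort(self, peer):
        self.conns.pop(peer, None)

    def established(self, peer):
        return self.conns.get(peer, {}).get("state") == "ESTABLISHED"

    def receive(self, seg):
        """Process one segment and return the reply segment, or None."""
        c = self.conns.get(seg.src)
        if c is None:
            if "SYN" not in seg.flags:
                return None
            isn = self.isn_gen()  # the server picks its own ISN
            self.conns[seg.src] = {"state": "SYN-RCVD", "snd_nxt": (isn + 1) % MOD,
                                   "rcv_nxt": (seg.seq + 1) % MOD, "data": b""}
            return Segment(self.ip, isn, (seg.seq + 1) % MOD, frozenset({"SYN", "ACK"}))
        if c["state"] == "SYN-RCVD":
            # third step: the ACK must acknowledge our ISN+1 and carry the peer's ISN+1
            if "ACK" in seg.flags and seg.ack == c["snd_nxt"] and seg.seq == c["rcv_nxt"]:
                c["state"] = "ESTABLISHED"
                return None
            self.abort(seg.src)  # wrong ack number: reset the half-open connection
            return Segment(self.ip, seg.ack, 0, frozenset({"RST"}))
        if seg.seq != c["rcv_nxt"]:  # not the byte we are waiting for: drop it
            return None
        if "RST" in seg.flags:  # an in-sequence RST tears the connection down
            self.abort(seg.src)
            return None
        c["data"] += seg.data
        c["rcv_nxt"] = (c["rcv_nxt"] + len(seg.data)) % MOD
        return Segment(self.ip, c["snd_nxt"], c["rcv_nxt"], frozenset({"ACK"}))

def sample_isns(server, attacker_ip, n=2):
    """Reconnaissance: connect from the attacker's own address and read the ISN out of
    each SYN-ACK, which the attacker can see because it is addressed to it."""
    isns = []
    for i in range(n):
        synack = server.receive(Segment(attacker_ip, 5000 + i, 0, frozenset({"SYN"})))
        isns.append(synack.seq)
        server.abort(attacker_ip)  # stand-in for closing the probe connection
    return isns

def predict_next_isn(isns):
    return (isns[-1] + (isns[-1] - isns[-2])) % MOD  # assumes a constant step

def blind_spoof(server, trusted_ip, guessed_isn, payload=b"forged command\n"):
    """SYN with the trusted host's address, then an ACK built from the guess. The SYN-ACK
    goes to the trusted host, not the attacker, so the guess must be right unseen; the
    trusted host is assumed silenced (the DoS described in the text) and sends no RST."""
    my_isn = 777
    server.receive(Segment(trusted_ip, my_isn, 0, frozenset({"SYN"})))
    ack = (guessed_isn + 1) % MOD
    server.receive(Segment(trusted_ip, my_isn + 1, ack, frozenset({"ACK"})))
    if not server.established(trusted_ip):
        return False  # wrong guess: the server answered the ACK with a RST
    server.receive(Segment(trusted_ip, my_isn + 1, ack, frozenset({"ACK"}), payload))
    return server.conns[trusted_ip]["data"] == payload

def forged_reset(server, peer, seq):
    """The other outcome: a RST with the right sequence number closes an established
    connection; one with the wrong number is simply dropped."""
    server.receive(Segment(peer, seq, 0, frozenset({"RST"})))
    return not server.established(peer)

def run_attack(isn_gen):
    server = Server("10.0.0.1", isn_gen)
    guess = predict_next_isn(sample_isns(server, "10.0.0.66"))
    return blind_spoof(server, "10.0.0.2", guess)  # True with PredictableISN, False with RandomISN
```

With `PredictableISN` two probe connections are enough to compute the third ISN, and the forged ACK and payload are accepted as if they came from 10.0.0.2; with `RandomISN` the same arithmetic produces a wrong acknowledgement number, the server resets the half-open connection, and nothing is injected. The `forged_reset` helper shows the same sequence check deciding whether a spoofed RST closes the connection or is ignored.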

As we can see, it is a type of attack that can cause significant problems for a connection. This makes it necessary to take precautions so as not to fall victim to it.

It must be taken into account that this type of attack mainly affects old devices, which choose their initial sequence numbers predictably and lack the updates that fix this: modern TCP stacks randomize the ISN for every connection (RFC 6528), so an attacker who observes some ISNs cannot work out the next one. For this reason, it is essential that all the computers we have connected to a network have all the available patches and updates that resolve these vulnerabilities. Having outdated devices that are no longer maintained can be a danger to the network, so we should avoid them as much as possible.