Hosting Provided By

Re: Sequence Identification Routines?

From: Jeff Williams (at) Aspect <(at)>
Date: Mon Dec 09 2002 - 11:00:21 EST

Nick,

You might be interested in the paper at
http;//razor.bindview.com/publish/papers/tcpseq.html. They analyzed the randomness of tcp sequence numbers and represented the results graphically. Of course, this won't actually predict a value, just helps you understand how difficult it would be to predict a value. Generally, this is good enough.

--Jeff

Jeff Williams, CEO
jeff.williams@aspectsecurity.com
Aspect Security, Inc.
www.aspectsecurity.com

Original Message ----- From: Nick Jacobsen To: webappsec@securityfocus.com Sent: Monday, December 09, 2002 3:51 AM Subject: Sequence Identification Routines?

I was hoping one of you might have some input here... I am black box testing a web app that generates a 5 character (letter and number only, lowercase) verification string, that it then emails to the email address on
file, and then the receiver has to type it in to continue with his registration... now, I am looking for some sort of programming routines, snippets, or programs, that will look at a set of say, a 1000, numbers, and
tell me if there is any sensible pattern, off which to predict the next 5 character string in the sequence. Any suggestions welcome!

Thanks,
Nick Jacobsen
Ethics Design
nick@ethicsdesign.com Received on Mon Dec 9 13:37:00 2002

This message: [ Message body ]
Next message: securityarchitect(at)hush.com: "Re: Web single sign-on"
Previous message: Marty: "Web single sign-on"
In reply to: Nick Jacobsen: "Sequence Identification Routines?"
Next in thread: Tony Welsh: "RE: Sequence Identification Routines?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT

Do you need help?