KoSa_1909416
Distributor - Marubun (Japan)

Hi All,
I want to randomize the initial value of TCP Sequence number.

[Background]
Currently, the TCP initial sequence number (ISN) always starts from "0" when starting a TCP connection immediately after resetting the wifi-module.
In order to connect to the Server that supports "Defending Against Sequence Number Attacks",
I want to randomize the initial value of TCP Sequence number.

Software environment:
        - WICED 6.2.1
        - LwIP

Hardware environment:
        - murata type-1LD wifi-module

[Question]
Which part of the source code should I change?

-----------------------------
I checked the following, but regarding the TCP sequence number,
it doesn't seem to be processed in particular.

/43xxx_Wi-Fi/WICED/network/LwIP/WICED/tcpip.c

Best Regards,
       Sakagami

0 Likes
1 Solution

Dear Sakagami san,

LwIP contrib git already provides a similar example. You can try to port that in WICED SDK and reuse it.

If you migrate to addons\tcp_isn\, you will be able to find an implementation which uses MD5 to compute a hash of the input buffer, which contains both the four-tuple of the new TCP connection (local and remote IP address and port), as well as a 16-byte secret to make the results unpredictable to external parties.

Documentation: https://www.nongnu.org/lwip/2_0_x/group__lwip__opts__hooks.html#ga078d203053911cf3af178392700386a4

contrib git can be found from the lwip website: lwip/lwip-contrib.git - lwIP Contrib - Contributed code for Lightweight TCP/IP stack

The tcp_isn.c contains further instructions to add the necessary changes in LwIP stack. Since we have not tested this, you would need to take care of the WICED side of the integration. Let us know if you run into any issue. Meanwhile, I would also try to find some alternate way to do this.

Regards,
Raktim

0 Likes
6 Replies