Hi All,
I want to randomize the initial value of TCP Sequence number.
[Background]
Currently, the TCP initial sequence number (ISN) always starts from "0" when starting a TCP connection immediately after resetting the wifi-module.
In order to connect to the Server that supports "Defending Against Sequence Number Attacks",
I want to randomize the initial value of TCP Sequence number.
Software environment:
- WICED 6.2.1
- LwIP
Hardware environment:
- murata type-1LD wifi-module
[Question]
Which part of the source code should I change?
-----------------------------
I checked the following, but regarding the TCP sequence number,
it doesn't seem to be processed in particular.
/43xxx_Wi-Fi/WICED/network/LwIP/WICED/tcpip.c
Best Regards,
Sakagami
Dear Sakagami san,
LwIP contrib git already provides a similar example. You can try to port that in WICED SDK and reuse it.
If you migrate to addons\tcp_isn\, you will be able to find an implementation which uses MD5 to compute a hash of the input buffer, which contains both the four-tuple of the new TCP connection (local and remote IP address and port), as well as a 16-byte secret to make the results unpredictable to external parties.
Documentation: https://www.nongnu.org/lwip/2_0_x/group__lwip__opts__hooks.html#ga078d203053911cf3af178392700386a4
The contrib git can be found from the lwIP website: lwip/lwip-contrib.git (lwIP Contrib, contributed code for the Lightweight TCP/IP stack).
The tcp_isn.c contains further instructions to add the necessary changes in the LwIP stack. Since we have not tested this, you would need to take care of the WICED side of the integration. Let us know if you run into any issue. Meanwhile, I would also try to find some alternate way to do this.
Regards,
Raktim
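The scheme the reply describes (a keyed hash over the connection four-tuple plus a secret, offset by a clock) can be sketched as below. This is an added example, not the lwIP contrib code or anything posted in this thread: it uses SipHash-2-4 in place of MD5 to stay short, handles IPv4 only, and `siphash24`, `tcp_isn` and `SAMPLE_SECRET` are hypothetical names with a constructed secret.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
/* Constructed sample secret; a real device fills this from its RNG at boot. */
const uint8_t SAMPLE_SECRET[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
static uint64_t load64le(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static void sipround(uint64_t v[4]) {
    v[0] += v[1]; v[1] = ROTL(v[1], 13); v[1] ^= v[0]; v[0] = ROTL(v[0], 32);
    v[2] += v[3]; v[3] = ROTL(v[3], 16); v[3] ^= v[2];
    v[0] += v[3]; v[3] = ROTL(v[3], 21); v[3] ^= v[0];
    v[2] += v[1]; v[1] = ROTL(v[1], 17); v[1] ^= v[2]; v[2] = ROTL(v[2], 32);
}
/* SipHash-2-4, a keyed hash used here in place of MD5 to keep the example short. */
uint64_t siphash24(const uint8_t key[16], const uint8_t *in, size_t len) {
    uint64_t k0 = load64le(key), k1 = load64le(key + 8), b = (uint64_t)len << 56;
    uint64_t v[4] = { k0 ^ 0x736f6d6570736575ULL, k1 ^ 0x646f72616e646f6dULL,
                      k0 ^ 0x6c7967656e657261ULL, k1 ^ 0x7465646279746573ULL };
    size_t i = 0;
    for (; i + 8 <= len; i += 8) {              /* full 8-byte words */
        uint64_t m = load64le(in + i);
        v[3] ^= m; sipround(v); sipround(v); v[0] ^= m;
    }
    for (size_t j = 0; i + j < len; j++)        /* tail bytes join the length byte */
        b |= (uint64_t)in[i + j] << (8 * j);
    v[3] ^= b; sipround(v); sipround(v); v[0] ^= b;
    v[2] ^= 0xff;
    for (int r = 0; r < 4; r++) sipround(v);
    return v[0] ^ v[1] ^ v[2] ^ v[3];
}
/* ISN = M + F(four-tuple, secret): M counts 4-microsecond ticks, F is the keyed hash. */
uint32_t tcp_isn(const uint8_t secret[16], uint32_t lip, uint16_t lport,
                 uint32_t rip, uint16_t rport, uint32_t ms_since_boot) {
    uint8_t buf[12];                             /* IPv4 four-tuple, 12 bytes */
    memcpy(buf, &lip, 4);       memcpy(buf + 4, &rip, 4);
    memcpy(buf + 8, &lport, 2); memcpy(buf + 10, &rport, 2);
    return (uint32_t)siphash24(secret, buf, sizeof buf) + ms_since_boot * 250u;
}
int main(void) {
    /* Constructed tuple: 192.0.2.10:49152 -> 198.51.100.7:443, 1 s after boot. */
    printf("ISN = %u\n", (unsigned)tcp_isn(SAMPLE_SECRET, 0xC000020Au, 49152,
                                           0xC6336407u, 443, 1000));
    return 0;
}
```

The secret has to be regenerated from a hardware entropy source on every boot; a fixed or clock-derived secret makes the ISN predictable again after the reset case described in the question.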