In TCP sequence prediction attacks, an attacker impersonates a Client and completes a TCP handshake between that Client and a Server, without ever receiving any packets that the Server sends back to the Client. In order to do so, the attacker must correctly guess the initial sequence number (ISN) sent from the Server to the Client. The kernel on Tsutomu Shimomura’s machine generated easily predictable ISNs, making the attack possible.
The attack is featured in the movie Takedown, but it’s not a very good source of information on the technical aspects of the attack itself.
Easily predictable TCP initial sequence numbers became extinct in 1996 with the introduction of RFC 1984. The tsutomu machine inside the warzone reintroduces easily predictable ISNs so that you can try out this attack for yourself and test your skills.
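The following Python example is added here; it is not code from the challenge, the tsutomu machine or any kernel. It contrasts a shared-counter ISN generator with a generator that adds a secret-keyed hash of the connection 4-tuple to a clock, and checks whether the ISNs a host sees on its own connections determine the ISN issued to a different peer. The STEP value, addresses, ports, class and function names are constructed for illustration, and HMAC-SHA-256 stands in for the keyed hash.

```python
import hashlib
import hmac
import os

MOD = 2 ** 32   # TCP sequence numbers are 32-bit
STEP = 64000    # constructed increment for the weak generator


class CounterISN:
    """Weak: one global counter shared by all connections."""

    def __init__(self, start=0):
        self.value = start % MOD

    def next_isn(self, conn, clock):
        self.value = (self.value + STEP) % MOD
        return self.value


class KeyedHashISN:
    """Hardened: clock plus a secret-keyed hash of the connection 4-tuple."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(16)

    def next_isn(self, conn, clock):
        msg = "|".join(map(str, conn)).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return (clock + int.from_bytes(digest[:4], "big")) % MOD


def observer_gaps(gen, rounds=8):
    """Each round: the observer opens its own connection and sees that ISN,
    then a different peer is issued one. Return the set of gaps between them."""
    gaps = set()
    for i in range(rounds):
        mine = ("192.0.2.10", 40000 + i, "192.0.2.1", 80)   # constructed
        other = ("192.0.2.20", 1023, "192.0.2.1", 80)       # constructed
        a = gen.next_isn(mine, clock=1000 * i)
        b = gen.next_isn(other, clock=1000 * i + 1)
        gaps.add((b - a) % MOD)
    return gaps


def leaks_other_isn(gen):
    """True if the observer's own ISNs pin down the ISN issued to another peer."""
    return len(observer_gaps(gen)) == 1


if __name__ == "__main__":
    print("counter   :", leaks_other_isn(CounterISN(start=123456)))
    print("keyed hash:", leaks_other_isn(KeyedHashISN()))
```

With the counter, every gap equals STEP, so one legitimate connection is enough to know what any other peer will be sent; with the keyed hash, the gap depends on a secret offset per 4-tuple that the observer never sees.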
How to play
This challenge is part of the OverTheWire Advent Bonanza 2018 CTF, which is now hosted on the warzone too.
After connecting to the warzone, tsutomu can be found at http://172.30.30.30.
To avoid interfering with others working on tsutomu, you may find it helpful to coordinate in the #warzone channel on our IRC server.