OS Name: Netware 6
R1 radius: 10
Average R2: 2484
Average N: 11
Average error: 0
Attack feasibility: 90.00%

At first sight, Netware 5 and 6 appeared reasonably robust, providing approximately 24 bits of randomness. This result was confirmed by a trivial nmap test:

TCP Sequence Prediction: Class=random positive increments Difficulty=4636703 (Good luck!)

But when we took a closer look at the picture, we noticed that almost all points are excessively saturated, and that the coverage of the 24-bit space is, in fact, very poor. Further tests confirmed that, while Netware uses "random" deltas to generate subsequent ISNs, its random number generator appears to be badly broken: it constantly returns a small subset of random-looking increments and decrements in a short cycle. Our tool was able to make correct guesses in 90% of the cases. Further analysis showed that Netware does not implement RFC 1948 to minimize the impact of this issue.
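The gap between the spread of the deltas and their real unpredictability can be measured directly when auditing an ISN generator. The following is an added example, not the paper's tool and not Netware's algorithm: the two generators, the pool of 16 deltas and all function names are constructed for illustration.

```python
import itertools
import math
import random
from collections import Counter

MOD = 2 ** 32

def deltas(isns):
    """Signed 32-bit differences between consecutive ISNs."""
    out = []
    for a, b in zip(isns, isns[1:]):
        d = (b - a) % MOD
        out.append(d - MOD if d >= MOD // 2 else d)
    return out

def spread_bits(ds):
    """Apparent randomness: log2 of the range the deltas span."""
    return math.log2(max(ds) - min(ds) + 1)

def entropy_bits(ds):
    """Shannon entropy of the observed deltas (at most log2(len(ds)))."""
    n = len(ds)
    return -sum(c / n * math.log2(c / n) for c in Counter(ds).values())

def repeat_rate(ds, train):
    """Share of deltas after the first `train` that were already seen."""
    seen = set(ds[:train])
    rest = ds[train:]
    return sum(d in seen for d in rest) / len(rest)

def collect(next_delta, count, start=0x1000):
    """Build `count` ISNs from a delta source (stand-in for a capture)."""
    isns = [start]
    for _ in range(count - 1):
        isns.append((isns[-1] + next_delta()) % MOD)
    return isns

# Constructed generators, not Netware's algorithm: 16 fixed deltas spread
# over a 24-bit range and replayed in a cycle, versus uniform 24-bit deltas.
POOL = [(i * 0x3779B1) % 2**24 - 2**23 for i in range(1, 17)]
_cycle = itertools.cycle(POOL)
_rng = random.Random(1)
WEAK = deltas(collect(lambda: next(_cycle), 2001))
STRONG = deltas(collect(lambda: _rng.randrange(-2**23, 2**23), 2001))

if __name__ == "__main__":
    for name, ds in (("weak", WEAK), ("strong", STRONG)):
        print(f"{name}: spread={spread_bits(ds):.1f} bits, "
              f"entropy={entropy_bits(ds):.1f} bits, "
              f"repeats={repeat_rate(ds, 200):.0%}")
```

Both constructed generators span almost the same 24-bit range, so a metric based on how widely the deltas vary rates them alike; only the entropy and repeat-rate figures expose the recycled pool.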

After being contacted in the course of writing this paper, the Netware developers responded promptly, providing us with a sample of the new ISN generator that is supposed to solve the issue:

OS Name: Netware 6 (SP3)
R1 radius: 100000
Average R2: 999
Average N: 34
Average error: n/a
Attack feasibility: 0.00%

The attractor does look very interesting. It suggests that some randomness was added to less random output, perhaps that of the old generator. This still leaves some gaps in the space, but the amount of this randomness is sufficient to make the attack infeasible, with approximately 30 bits of randomness present.

UPDATE (10/20/2002): This fix is now available from Novell here.

Please note that use of the "packet signature" feature in Netware can minimize the exposure with previous versions. For more details, please refer to this or this URL at novell.com.