Guessing or knowing the initial TCP sequence number (ISN) that a server will choose enables an attacker to establish a TCP connection.

Please discuss if the following solutions are secure (to prevent hijacking etc.) and why. [x]₃₂ denotes truncation of x to the 32 least significant bits. K is a (permanent) secret key stored locally and only known to the server. H represents a secure hash function (e.g., SHA256) and its algorithm is publicly known. Also note that || means concatenation and the current timestamp is represented as a UNIX timestamp.

1. Server computes ISN as follows: ISN = [H(source IP address XOR destination IP address XOR current timestamp XOR K)]₃₂  

A sequence number is first byte of information in the TCP packet that would be sent. The sequence number of next byte the recipient would get is the acknowledgement number.

Step-by-step explanation

A TCP sequence predictions attack attempts to anticipate the sequence number that is used to distinguish packet in a Tcp protocol, which can be used to fake packets. The attacker wants to estimate the sequence number that the sender host would use correctly. If they succeed, they will be capable of sending fake packets to the receive side that appear to come from the sender side, despite the fact that the counterfeit packet may come from a third host managed by the attacker. One way this could happen is if the attacker listens in on the dialogue between both the trusted hosts and then sends packets with the same source Ip. By keeping an eye on the traffic beforehand. A malicious host can find out what sequence number is accurate. It's essentially a race between both the attacker as well as the trustworthy host to get the right packet delivered once the IP address as well as the appropriate sequence number are known. One popular approach for the adversary to send it first is to perform a Denial-of-Service attack against the trustworthy host. Once the attacker gets control of the link, he or she can transmit fake packets and wait for an answer.