You'd also have to correctly guess the value of the payload that was/would
have been included in the PING.
If the party sending PINGs always uses a random int64, there is a
1/1.8*10^19 chance that you can mess something up.
-=R
On Wed, May 7, 2014 at 1:09 PM, Martin Thomson <martin.thomson@gmail.com>wrote:
> On 7 May 2014 12:51, Mike Bishop <Michael.Bishop@microsoft.com> wrote:
> > Heh -- sending a PING response without having gotten a PING in the first
> place (or yet, if it's in flight) has the potential to mess with many state
> machines.... That's an interesting attack.
>
> Well, it is if you maintain state for PING like that.
>
> More seriously, if you had not considered this option, it's
> conceivable that others won't. Is this something we need to patch in
> the spec?
>
>