On 2000-Feb-09 20:27:08 +1100, Omachonu Ogali <oogaliat_private> wrote:
>I don't know if anyone else attempted, but I whipped up a little patch for
>FreeBSD that randomizes the sequence/acknowledgment numbers sent by TCP
>instead of incrementing it by one each time. Apply using 'patch'.

Note that the patch is using libkern/random(). This function is a simple, multiplicative PRNG with 32 bits of state (all of which is `leaked' via its return value). Whilst the change might be better than a simple increment/decrement, I don't believe it provides any real security (especially in view of the %=2 operations).

Peter
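The property the reply points at, shown as an added example that is not part of the original message or the patch: when a generator returns its entire state, one observed output determines every later one. The Park-Miller constants below are an assumption standing in for libkern's random(), whose source is not on this page, and `toy_random`, `predict_next` and `count_predicted` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in generator (assumption): Park-Miller "minimal standard"
 * multiplicative generator. It is not copied from libkern; it only shares
 * the property described above: the return value IS the internal state. */
#define TOY_MULT 16807u
#define TOY_MOD  2147483647u            /* 2^31 - 1 */

static uint32_t toy_state = 1;

static uint32_t toy_random(void)
{
    toy_state = (uint32_t)(((uint64_t)toy_state * TOY_MULT) % TOY_MOD);
    return toy_state;                   /* full state handed to the caller */
}

/* What anyone who has seen a single output can compute without the seed:
 * the next output is a fixed function of the previous one. */
static uint32_t predict_next(uint32_t observed)
{
    return (uint32_t)(((uint64_t)observed * TOY_MULT) % TOY_MOD);
}

/* Seed the generator, observe one value, then count how many of the
 * following n values are predicted exactly from the previous output. */
static int count_predicted(uint32_t seed, int n)
{
    int hits = 0;
    toy_state = seed;                   /* seed is never given to predict_next */
    uint32_t seen = toy_random();
    for (int i = 0; i < n; i++) {
        uint32_t guess = predict_next(seen);
        seen = toy_random();
        hits += (guess == seen);
    }
    return hits;
}

int main(void)
{
    /* Constructed seed value, chosen arbitrarily for the demonstration. */
    int n = 1000;
    printf("predicted %d of %d values from one observation\n",
           count_predicted(12345u, n), n);
    return 0;
}
```

A sequence-number source needs unpredictability to an observer, which means output derived from secret state that the output itself does not reveal.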