In message <00Feb10.090608est.115219at_private>, Peter Jeremy writes:
> On 2000-Feb-09 20:27:08 +1100, Omachonu Ogali <oogaliat_private> wrote:
> >I don't know if anyone else attempted, but I whipped up a little patch for
> >FreeBSD that randomizes the sequence/acknowledgment numbers sent by TCP
> >instead of incrementing it by one each time. Apply using 'patch'.
>
> Note that the patch is using libkern/random(). This function is a
> simple, multiplicative PRNG with 32-bits of state (all of which is
> `leaked' via its return value). Whilst the change might be better than
> a simple increment/decrement, I don't believe it provides any real
> security (especially in view of the %=2 operations).

I never saw the original posting to this; let me suggest that folks
read RFC 1948 before doing sequence number randomization.

--Steve Bellovin
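
The contrast drawn in the thread, as an added example that is not part of the original messages or of the patch under discussion: a generator whose return value is its whole state, next to the RFC 1948 construction ISN = M + F(localhost, localport, remotehost, remoteport). The constants 16807 and 2^31-1, the function names, the addresses, the secret, and the use of SHA-256 in place of the MD5 that RFC 1948 suggests are assumptions.

```python
import hashlib
import socket
import struct
import time

M31 = 2**31 - 1  # modulus of the constructed multiplicative generator below


def leaky_next(state):
    """Multiplicative generator whose return value is its entire state
    (constructed stand-in for the kind of generator criticised above)."""
    return (16807 * state) % M31


def rfc1948_isn(secret, laddr, lport, raddr, rport, now=None):
    """ISN = M + F(localhost, localport, remotehost, remoteport).
    M is the 4-microsecond clock; F is a keyed hash of the connection ID."""
    if now is None:
        now = time.time()
    m = int(now * 250_000)  # one tick every 4 microseconds
    conn_id = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
               socket.inet_aton(raddr) + struct.pack("!H", rport))
    # Assumption: SHA-256 stands in for the MD5 suggested by RFC 1948.
    digest = hashlib.sha256(conn_id + secret).digest()
    f = struct.unpack("!I", digest[:4])[0]
    return (m + f) & 0xFFFFFFFF


if __name__ == "__main__":
    # Leaky generator: one value seen on the wire fixes every later value.
    seen = leaky_next(123456789)  # constructed seed
    print("observed", seen, "-> next output is", leaky_next(seen))

    # RFC 1948 style: each connection ID gets its own offset into the
    # sequence space, and the offset depends on a secret the peer never sees.
    secret = b"constructed-boot-secret"  # constructed; use os.urandom() in practice
    a = rfc1948_isn(secret, "192.0.2.1", 80, "198.51.100.7", 40000, now=1000.0)
    b = rfc1948_isn(secret, "192.0.2.1", 80, "198.51.100.9", 40000, now=1000.0)
    print("ISN to client A:", a)
    print("ISN to client B:", b)
```

For a given connection ID the ISN still advances with the clock, as the TCP specification expects; only the per-connection offset is hidden.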