From: Nate Williams
Date: Fri, 4 Jan 2002 10:57:01 -0700
To: Joe Clarke
Cc: msch@snafu.de, freebsd-security@FreeBSD.ORG
Subject: Re: TCP Sequence-Prediction (4.5-PRE)

[ TCP 4.5-PRE uses predictable sequences # according to ISS ]

> > I think, the point is what ISS states as 'predictable'... I'll wait
> > what our iss-service declares - I can't imagine that 4.5-PRERELEASE is
> > worse than 4.1.1-STABLE concerning 'tcp prediction'.
>
> Later FreeBSD 4.x's use arc4random for ISS. It gets all 9's from nmap,
> and is completely unguessable. Upgrading to 4.4-RELEASE or 4.5-PRE will
> set you up.

See the subject line. He is using 4.5-PRE.

Nate