From owner-freebsd-hackers Thu Jan 30 16:21:04 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA15113 for hackers-outgoing; Thu, 30 Jan 1997 16:21:04 -0800 (PST) Received: from skylark.hilink.com.au (skylark.hilink.com.au [203.29.224.17]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA15093 for ; Thu, 30 Jan 1997 16:20:56 -0800 (PST) Received: from localhost (danny@localhost) by skylark.hilink.com.au (8.8.5/8.6.10) with SMTP id LAA21373; Fri, 31 Jan 1997 11:20:12 +1100 (EST) Date: Fri, 31 Jan 1997 11:20:11 +1100 (EST) From: "Daniel O'Callaghan" To: tiller@connectnet.com cc: hackers@freebsd.org Subject: TCP sequence numbers Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk The code below is taken from sys/netinet/tcp_seq.h in 2.2-ALPHA. It is not present in 2.1.5. That should indicate that TCP sequence number guessing attacks have been significantly stomped on. More knowledgeable people please correct me. /* * Increment for tcp_iss each second. * This is designed to increment at the standard 250 KB/s, * but with a random component averaging 128 KB. * We also increment tcp_iss by a quarter of this amount * each time we use the value for a new connection. * If defined, the tcp_random18() macro should produce a * number in the range [0-0x3ffff] that is hard to predict. */ #ifndef tcp_random18 #define tcp_random18() ((random() >> 14) & 0x3ffff) #endif #define TCP_ISSINCR (122*1024 + tcp_random18()) extern tcp_seq tcp_iss; /* tcp initial send seq # */ #else #define TCP_ISSINCR (250*1024) /* increment for tcp_iss each second */ #endif /* KERNEL */ #endif /* _NETINET_TCP_SEQ_H_ */