From owner-freebsd-hackers Thu Jan 30 19:47:20 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id TAA27949 for hackers-outgoing; Thu, 30 Jan 1997 19:47:20 -0800 (PST) Received: from root.com (implode.root.com [198.145.90.17]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA27930; Thu, 30 Jan 1997 19:47:15 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id TAA27603; Thu, 30 Jan 1997 19:46:37 -0800 (PST) Message-Id: <199701310346.TAA27603@root.com> X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol To: "That Doug Guy" cc: "freebsd-hackers@freebsd.org" , "freebsd-isp@freebsd.org" Subject: Re: 2.2+ and sequence number guessing In-reply-to: Your message of "Thu, 30 Jan 1997 15:40:11 PST." <199701302341.PAA18857@smtp.connectnet.com> From: David Greenman Reply-To: dg@root.com Date: Thu, 30 Jan 1997 19:46:37 -0800 Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > I have been doing some research on the security of various *nix's, >and found some very interesting discussion in the mail archives regarding >the security of freebsd vs. a sequence number guessing IP spoof attack. >Without rehashing what seemed to be a rather heated discussion last spring, >I am wondering if someone could fill me in on any changes, improvements, >etc. that have been made in 2.2 regarding this problem. Also, if someone >could highlight the changes regarding security against syn flooding >promised in 2.2, it would help. Of course, if this information is already >available on line, a pointer to it would be appreciated. There were changes made that made the initial sequence number more random. See rev 1.29 of tcp_input.c. The random drop syn-flood protection was implemented. See rev 1.52 of tcp_input.c. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project