From owner-freebsd-hackers Thu Jan 30 22:02:41 1997
From: proff@suburbia.net
Message-ID: <19970131060207.15590.qmail@suburbia.net>
Subject: Re: TCP sequence numbers
In-Reply-To: from Daniel O'Callaghan at "Jan 31, 97 11:20:11 am"
To: danny@hilink.com.au (Daniel O'Callaghan)
Date: Fri, 31 Jan 1997 17:02:06 +1100 (EST)
Cc: hackers@freebsd.org
Sender: owner-hackers@freebsd.org

> The code below is taken from sys/netinet/tcp_seq.h in 2.2-ALPHA.  It is
> not present in 2.1.5.
>
> That should indicate that TCP sequence number guessing attacks have been
> significantly stomped on.  More knowledgeable people please correct me.
>
> /*
>  * Increment for tcp_iss each second.
>  * This is designed to increment at the standard 250 KB/s,
>  * but with a random component averaging 128 KB.
>  * We also increment tcp_iss by a quarter of this amount
>  * each time we use the value for a new connection.
>  * If defined, the tcp_random18() macro should produce a
>  * number in the range [0-0x3ffff] that is hard to predict.
>  */
> #ifndef tcp_random18
> #define tcp_random18()  ((random() >> 14) & 0x3ffff)
> #endif
> #define TCP_ISSINCR     (122*1024 + tcp_random18())
>
> extern tcp_seq  tcp_iss;                /* tcp initial send seq # */
> #else
> #define TCP_ISSINCR     (250*1024)      /* increment for tcp_iss each second */
> #endif /* KERNEL */
> #endif /* _NETINET_TCP_SEQ_H_ */

This is insecure against more sophisticated attacks. Linear congruential
generators leak internal state, and this one does so badly. See my patch.

Cheers,
Julian
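
Added example, not part of the original message or the FreeBSD source: a C sketch of the state leak the reply refers to. It applies the quoted tcp_random18() masking to a Park-Miller LCG standing in for the kernel's random() (an assumption; the page does not say which generator 2.2-ALPHA uses), and the function names and seed are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PM_MOD 2147483647u  /* 2^31 - 1 (assumed generator modulus) */
#define PM_MUL 16807u       /* 7^5      (assumed generator multiplier) */

/* One step of the assumed Park-Miller LCG, a stand-in for random(). */
static uint32_t lcg_next(uint32_t x)
{
    return (uint32_t)(((uint64_t)x * PM_MUL) % PM_MOD);
}

/* Same shift and mask as the quoted tcp_random18() macro. */
static uint32_t random18(uint32_t x)
{
    return (x >> 14) & 0x3ffff;
}

/*
 * Count generator states consistent with n consecutive random18() values.
 * The first value fixes every state bit except the low 14, so only 2^14
 * candidates exist. *state_out receives the state at the last observation
 * for the last surviving candidate.
 */
static unsigned count_consistent_states(const uint32_t *obs, int n,
                                        uint32_t *state_out)
{
    unsigned survivors = 0;
    for (uint32_t low = 0; low < (1u << 14); low++) {
        uint32_t s = (obs[0] << 14) | low;
        int i;
        if (s == 0 || s >= PM_MOD)
            continue;                     /* not a valid LCG state */
        for (i = 1; i < n; i++) {
            s = lcg_next(s);
            if (random18(s) != obs[i])
                break;
        }
        if (i == n) { survivors++; *state_out = s; }
    }
    return survivors;
}

/* Constructed demo: two observed values pin the state and give the third. */
static int predicts_next_output(uint32_t seed)
{
    uint32_t x1 = lcg_next(seed), x2 = lcg_next(x1), x3 = lcg_next(x2);
    uint32_t obs[2] = { random18(x1), random18(x2) }, rec = 0;
    unsigned n = count_consistent_states(obs, 2, &rec);
    return n == 1 && random18(lcg_next(rec)) == random18(x3);
}

int main(void)
{
    printf("next value predicted: %d\n", predicts_next_output(12345u));
    return 0;
}
```

Under these assumptions the masked output hides only 14 bits of state, which is why "hard to predict" requires a generator whose outputs do not determine its state.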