From: Niels Provos
To: Kris Kennaway
Cc: Jonathan Lemon, gjohnson@srrc.ars.usda.gov, net@freebsd.org
Subject: Re: TCP ISN algorithm breaks TIME_WAIT (Re: select fails to return incoming connect on FreeBSD-4.3)
Date: Mon, 16 Jul 2001 14:51:35 -0400
Message-Id: <20010716185135.B314F207C1@citi.umich.edu>
In-Reply-To: Kris Kennaway, Sun, 15 Jul 2001 13:11:48 PDT

In message <20010715131148.A10745@xor.obsecurity.org>, Kris Kennaway writes:
>Sorry I've been ignoring this; I'm still getting caught up from my
>vacation. Niels, how has OpenBSD handled this?

Not. We have the same problem.

I argue that the test is bogus. First of all, if we are getting a SYN for this 4-tuple, it is very likely that all segments from the old connection have left the network. The current code does not deal with wrap around either.

On the other hand, there are already a number of operating systems that use randomized ISNs. Linux has been doing this for quite some time. As a result, we cannot rely on monotonically increasing ISNs anyway.

Niels.
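
The interaction discussed in this message, as an added example that is not part of the original post and is not FreeBSD or OpenBSD code. It assumes the TIME_WAIT test has the classic BSD-style form (accept a new SYN on the old 4-tuple only if its ISN is past the last sequence number received); all function names, the xorshift32 stand-in generator and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Modular "a is after b" in 32-bit sequence space (BSD-style SEQ_GT). */
static int seq_gt(uint32_t a, uint32_t b) { return (int32_t)(a - b) > 0; }

/* Naive comparison that ignores sequence-number wraparound. */
static int naive_gt(uint32_t a, uint32_t b) { return a > b; }

/* Assumed TIME_WAIT rule: reuse the 4-tuple only if the new SYN's ISN
 * is beyond the last sequence number received on the old connection. */
static int timewait_accepts_syn(uint32_t syn_isn, uint32_t rcv_nxt) {
    return seq_gt(syn_isn, rcv_nxt);
}

/* Small deterministic PRNG standing in for a randomized ISN generator;
 * it is not any operating system's actual algorithm. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Percentage of reconnects accepted when the peer picks random ISNs. */
static int random_isn_accept_pct(uint32_t rcv_nxt, int trials) {
    uint32_t state = 0x2545F491u;            /* constructed seed */
    int accepted = 0;
    for (int i = 0; i < trials; i++)
        accepted += timewait_accepts_syn(xorshift32(&state), rcv_nxt);
    return (int)((100LL * accepted) / trials);
}

int main(void) {
    uint32_t rcv_nxt = 0xFFFFFF00u;          /* constructed: old connection ended near wrap */
    uint32_t next_isn = rcv_nxt + 0x200u;    /* monotonic ISN, wrapped to 0x00000100 */

    printf("monotonic ISN across wrap: modular=%d naive=%d\n",
           seq_gt(next_isn, rcv_nxt), naive_gt(next_isn, rcv_nxt));
    printf("random ISNs accepted in TIME_WAIT: %d%%\n",
           random_isn_accept_pct(rcv_nxt, 100000));
    return 0;
}
```

With a peer that randomizes ISNs, roughly half of the reconnect attempts fail the comparison regardless of how wraparound is handled, which is the failure the subject line refers to.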