From owner-freebsd-security  Mon Nov 24 05:25:46 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id FAA02202
          for security-outgoing; Mon, 24 Nov 1997 05:25:46 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id FAA02196
          for <security@FreeBSD.ORG>; Mon, 24 Nov 1997 05:25:39 -0800 (PST)
          (envelope-from avalon@coombs.anu.edu.au)
Message-Id: <199711241325.FAA02196@hub.freebsd.org>
Received: by cheops.anu.edu.au
	(1.37.109.16/16.2) id AA154627890; Tue, 25 Nov 1997 00:24:50 +1100
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: Re: new TCP/IP bug in win95 (fwd)
To: Don.Lewis@tsc.tdk.com (Don Lewis)
Date: Tue, 25 Nov 1997 00:24:49 +1100 (EDT)
Cc: jas@flyingfox.com, robert@cyrus.watson.org, security@FreeBSD.ORG
In-Reply-To: <199711241136.DAA21524@salsa.gv.tsc.tdk.com> from "Don Lewis" at Nov 24, 97 03:36:41 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Don Lewis, sie said:
> 
> +	 *	As it stands, it's possible for a forged SYN to cause
> +	 *	us to do a self-connect on a listening socket if the
> +	 *	proper sequence number can be guessed.

The non-trivial to guess iss is the default now, right ?