Date: Sat, 5 Jan 2002 00:06:45 -0500 (EST) From: Mike Silbersack <silby@silby.com> To: Matthew Whelan <muttley@gotadsl.co.uk> Cc: <freebsd-security@FreeBSD.ORG>, <msch@snafu.de>, <freebsd-stable@FreeBSD.ORG>, <Peter.Sauerland@siemens.com>, <iss@cert.siemens.de> Subject: Re: TCP Sequence-Prediction (4.5-PRE) Message-ID: <Pine.BSF.4.30.0201050004410.43880-100000@niwun.pair.com> In-Reply-To: <GF97DA05OIA832C9IF3X2105PZWQOR.3c366e56@VicNBob>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 5 Jan 2002, Matthew Whelan wrote: > If you've CVSup'd within the last 3 weeks (I suspect you must have done to > have 4.5-PRE ;p), you should have: > > * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.23 2001/12/14 20:21:12 > jlemon Exp $ > > which appears now to have all the code for ISN generation (start looking at > line 1112 - does playing with the two sysctl's mentioned make any difference > to what ISS says? Looks like the isn_reseed_interval is only used if > strict_rfc1948 is not set) > > Matthew Guys, ISN generation has been secure since 4.3-release, though it has gone through a few revisions since then. If ISS disagrees, it is what should be inspected, not our ISN generation code. Changing the various sysctls is not going to change the output in any fashion that is noticeable to most people. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.30.0201050004410.43880-100000>