From owner-freebsd-current Tue May 21 08:39:18 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id IAA02688 for current-outgoing; Tue, 21 May 1996 08:39:18 -0700 (PDT) Received: from nol.net (root@dazed.nol.net [206.126.32.101]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id IAA02676 for ; Tue, 21 May 1996 08:39:14 -0700 (PDT) Received: from dazed.nol.net (blh@dazed.nol.net [206.126.32.101]) by nol.net (8.7.5/8.7.3) with SMTP id KAA26897; Tue, 21 May 1996 10:39:10 -0500 (CDT) X-AUTH: NOLNET SENDMAIL AUTH Date: Tue, 21 May 1996 10:39:08 -0500 (CDT) From: "Brett L. Hawn" To: Garrett Wollman cc: current@FreeBSD.ORG Subject: Re: freebsd + synfloods + ip spoofing In-Reply-To: <9605211527.AA32609@halloran-eldar.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-current@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Tue, 21 May 1996, Garrett Wollman wrote: > < said: > > > For kicks some time ago I built a spoofer and I can tell you this much, > > creating at least a pseudo-random number generator for sequencing will stop > > a large # of the spoofers. > > Which is why this was introduced in FreeBSD many months ago. You'll have to pardon me if I don't see it, as part of the discussion we played with my spoofing utility and I found 2.2 -current just as easy to spoof as 2.0.5. I tried to spoof 3 linux boxes, 2 Solaris boxes, and one HP-UX box, all of which failed miserably, this tells me something very important.. the sequencing routines are still very easy to guess. Brett