From owner-freebsd-security Sun Feb 20 9:13:18 2000
To: Omachonu Ogali, freebsd-security@freebsd.org
Subject: Re: Random Sequence Numbers
From: Lowell Gilbert
Date: 20 Feb 2000 12:12:40 -0500
In-Reply-To: Omachonu Ogali's message of Sun, 20 Feb 2000 10:58:22 -0500 (EST)

Omachonu Ogali writes:

> That was dropped a while ago and I saw that post Steven did, and secondly
> Dan told me he's done it already so there was no need to go on as it was
> only about 4-5 lines of code.

Actually, what Dan had done was randomizing the *initial* sequence numbers in a TCP session, as (in fact) Bellovin described in RFC 1948. What *your* code did was randomize *every* packet's sequence number.

I still insist on believing that you had to be kidding, because the idea and the execution both qualify among the best spoofs I've seen in weeks.

- Lowell Gilbert
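The distinction drawn in the message above, as an added example that is not part of the original post or of any FreeBSD code: an RFC 1948 style initial sequence number (ISN = M + F(4-tuple, secret), with MD5 as F) followed by ordinary byte-counted sequence numbers, next to a sender that draws a random number for every segment. The function names, the secret handling and the strictly in-order receiver are assumptions made for illustration.

```python
import hashlib
import os
import random
import socket
import struct

MASK = 0xFFFFFFFF
SECRET = os.urandom(16)  # assumption: an unguessable per-boot secret

def rfc1948_isn(laddr, lport, raddr, rport, now, secret=SECRET):
    """ISN = M + F(localhost, localport, remotehost, remoteport, secret)."""
    m = int(now * 250_000) & MASK  # M: clock that ticks every 4 microseconds
    tup = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
           socket.inet_aton(raddr) + struct.pack("!H", rport))
    # F: keyed hash of the connection 4-tuple, truncated to 32 bits
    f = struct.unpack("!I", hashlib.md5(tup + secret).digest()[:4])[0]
    return (m + f) & MASK

def segments(isn, payloads, rng=None):
    """Return [(seq, payload)]. With rng set, every segment gets a random
    sequence number (the per-packet scheme criticised in the message)."""
    seq = (isn + 1) & MASK  # the SYN consumes one sequence number
    out = []
    for p in payloads:
        out.append((rng.getrandbits(32) if rng else seq, p))
        seq = (seq + len(p)) & MASK  # sequence space counts payload bytes
    return out

def receive(isn, segs):
    """Simplified receiver: accept a segment only when seq == rcv_nxt."""
    rcv_nxt = (isn + 1) & MASK
    data = b""
    for seq, p in segs:
        if seq != rcv_nxt:
            continue  # not the next expected byte: this model drops it
        data += p
        rcv_nxt = (rcv_nxt + len(p)) & MASK
    return data

if __name__ == "__main__":
    # Constructed sample connection (documentation address ranges).
    isn = rfc1948_isn("192.0.2.1", 1025, "198.51.100.7", 80, now=1.0)
    payloads = [b"GET / ", b"HTTP/1.0", b"\r\n\r\n"]
    print(receive(isn, segments(isn, payloads)))                    # full stream
    print(receive(isn, segments(isn, payloads, random.Random(0))))  # nothing
```

Only the starting point needs to be unpredictable; once it is fixed, the sequence numbers have to track the byte stream or the receiver cannot place the data.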