From owner-freebsd-security Fri Oct 12 8:38: 3 2001 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id 444EB37B403 for ; Fri, 12 Oct 2001 08:37:59 -0700 (PDT) Received: (qmail 29768 invoked by uid 1000); 12 Oct 2001 15:37:57 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 12 Oct 2001 15:37:57 -0000 Date: Fri, 12 Oct 2001 10:37:57 -0500 (CDT) From: Mike Silbersack To: Radoy Pavlov Cc: Subject: Re: Randomizing TCP sequence In-Reply-To: <3BC6D445.27C078CF@euroscript-ls.de> Message-ID: <20011012103330.F29732-100000@achilles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 12 Oct 2001, Radoy Pavlov wrote: > I'm trying to randomize my tcp sequence. Upon > experimenting with portsentry i made couple of > nmap scans and I was suprized to see that the > value never exceeds the number of 30, which IMO > is weak. I activated net.inet.tcp.strict_rfc1948=1, > which should do the randomizing, still i get a > value of 30 or so. Scan your box from another box; there's something funky with nmaping localhost. When I try it, nmap says that there aren't enough responses for a good identification. Alternately, run tcpdump and watch the sequence numbers; the output is quite pseudo-random. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message