Date: Mon, 14 Apr 2003 12:59:24 +0400 From: "Nickolay A. Kritsky" <nkritsky@internethelp.ru> To: freebsd-security@freebsd.org Subject: (OT) rfc1948 question Message-ID: <177486502273.20030414125924@internethelp.ru>
next in thread | raw e-mail | index | archive | help
Hi, folks @ freebsd-security. First, I am not sure if this is apropriate topic for that list, so sorry, if it is not. Some time ago I have read rfc1948 (protection from blind TCP spoofing) and became interested in the way how it is implemented in FreeBSD. After some googling (BTW if you like Google you might be interested in this: http://register.spectator.ru/img/bart.gif ), I found this: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_subr.c where in "Revision 1.73.2.22" one can read: ;------------------Begin clipboard---------------------------- Much delayed but now present: RFC 1948 style sequence numbers In order to ensure security and functionality, RFC 1948 style initial sequence number generation has been implemented. Barring any major crypographic breakthroughs, this algorithm should be unbreakable. ;--------------------End clipboard---------------------------- In the diff to previous revision: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_subr.c.diff?r1=1.73.2.21&r2=1.73.2.22 is said: ;------------------Begin clipboard---------------------------- + * The ISNs in SYN-ACK packets have no monotonicity requirement, + * and should be as unpredictable as possible to avoid the possibility + * of spoofing and/or connection hijacking. To satisfy this + * requirement, SYN-ACK ISNs are generated via the arc4random() + * function. If exact RFC 1948 compliance is requested via sysctl, + * these ISNs will be generated just like those in SYN packets. ;--------------------End clipboard---------------------------- But then I took a quick glance on my fresh 4.6 box, and found that SYN-ACK generation was moved to tcp_syncache.c I did not managed to find any rfc1948 related info in CVS log for this file. Maybe I just missed it. Then I just looked into my copy of tcp_syncache.c and found that: ;------------------Begin clipboard---------------------------- if (tcp_syncookies) sc->sc_iss = syncookie_generate(sc); else sc->sc_iss = arc4random(); ;--------------------End clipboard---------------------------- Is it the place where synack iss is generated? If yes, then why net.inet.tcp.syncookies sysctl is turned on by default? Is arc4random not enough random? Was there another reason to `request exact RFC 1948 compliance' by default? I am not just curious about that issue (although I _am_ curious :) ), but I am currnetly trying to understand the risks of trusted_hosts kind of security from rfc1948 point of view. I am not some cryptoanalyst, well to be honest I am totally new in cryptography, but from what I have read arc4 (or RC4 - they supposed to be identical) looks quite good as SPRNG given ARC4_MAXRUNS and ARC4_RESEED_SECONDS values are 16384 and 300s. Can anybody shed some light on this topic or point me to the URL to read. Any help is very good. ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?177486502273.20030414125924>