From owner-freebsd-current  Wed May 22 14:37:29 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id OAA00262
          for current-outgoing; Wed, 22 May 1996 14:37:29 -0700 (PDT)
Received: from nol.net (root@dazed.nol.net [206.126.32.101])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id OAA00253
          for <current@FreeBSD.ORG>; Wed, 22 May 1996 14:37:26 -0700 (PDT)
Received: from dazed.nol.net (blh@dazed.nol.net [206.126.32.101]) by nol.net (8.7.5/8.7.3) with SMTP id QAA16965; Wed, 22 May 1996 16:36:30 -0500 (CDT)
X-AUTH: NOLNET SENDMAIL AUTH
Date: Wed, 22 May 1996 16:36:28 -0500 (CDT)
From: "Brett L. Hawn" <blh@nol.net>
To: "Charles C. Figueiredo" <marxx@apocalypse.superlink.net>
cc: Paul Traina <pst@Shockwave.COM>, Garrett Wollman <wollman@lcs.mit.edu>,
        Poul-Henning Kamp <phk@critter.tfs.com>, current@FreeBSD.ORG
Subject: Re: freebsd + synfloods + ip spoofing 
In-Reply-To: <Pine.BSF.3.91.960522132204.3698E@apocalypse.superlink.net>
Message-ID: <Pine.SOL.3.93.960522163002.15887C-100000@dazed.nol.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 22 May 1996, Charles C. Figueiredo wrote:

> 	Brett, at first you were talking about how easy it was to hose ports 
> like 513 w/ SYN bit set packets, now you've moved into TCP sequence 
> prediction, that's irrelevant to how hard it would be to predict a seq on 
> a tcp session, in theory. The way the seq generator is right now, it's better 
> than some commercial implementations. I'm not coping the "It's 
> broken, but still better than the other stuff." attitude. You're blowing 
> this out of perportion. *I* want to see what the hell you've done to 
> prove FreeBSD is so insecure. If you built rbone, that's child's play; 
> and harmless if you're sensible enough to use tcp wrappers, and besides, 
> I think it still won't work. You're not going to create full-duplex 
> connection based services and expect to see what you're doing, are you?
> I wanna see what I asked for in the other letter.

I never made any commentary towards ports 513 or the like, I think you are
getting yourself confused. As for the tcp sequences, its quite easy to see,
catch me on IRC one day when I'm not busy and I'll happily spoof you and
pretend to be you just so you can see. Once we're done with that perhaps
I'll wander around and pretend to be your system and go fuck with some .gov
sites, I'm sure a visit from some federalies would just make your day no?
The basic problem here is the fact that I've yet to have a problem
pretending to be a fbsd box, which means for all intents and purposes that
if I wanted to cause you a lot of hell I could. Personally I find the idea
of someone being able to pretend their me enough reason to re-vamp the
sequence generator. Last I checked fbsd was still incrementing in 64k jumps,
even if the first ack is random, pretty simple from there.

Brett

BTW: You're taking this awfully personal aren't you? If I didn't know better
I'd say you're acting your age.