From owner-freebsd-stable Fri Jan 4 21: 6:52 2002 Delivered-To: freebsd-stable@freebsd.org Received: from niwun.pair.com (niwun.pair.com [209.68.2.70]) by hub.freebsd.org (Postfix) with SMTP id 0A6C237B419 for ; Fri, 4 Jan 2002 21:06:47 -0800 (PST) Received: (qmail 69848 invoked by uid 3193); 5 Jan 2002 05:06:45 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 5 Jan 2002 05:06:45 -0000 Date: Sat, 5 Jan 2002 00:06:45 -0500 (EST) From: Mike Silbersack X-Sender: To: Matthew Whelan Cc: , , , , Subject: Re: TCP Sequence-Prediction (4.5-PRE) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, 5 Jan 2002, Matthew Whelan wrote: > If you've CVSup'd within the last 3 weeks (I suspect you must have done to > have 4.5-PRE ;p), you should have: > > * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.23 2001/12/14 20:21:12 > jlemon Exp $ > > which appears now to have all the code for ISN generation (start looking at > line 1112 - does playing with the two sysctl's mentioned make any difference > to what ISS says? Looks like the isn_reseed_interval is only used if > strict_rfc1948 is not set) > > Matthew Guys, ISN generation has been secure since 4.3-release, though it has gone through a few revisions since then. If ISS disagrees, it is what should be inspected, not our ISN generation code. Changing the various sysctls is not going to change the output in any fashion that is noticeable to most people. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message