From owner-freebsd-questions Mon Apr 12 9: 3:54 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from unix2.it-datacntr.louisville.edu (unix2.it-datacntr.louisville.edu [136.165.4.28]) by hub.freebsd.org (Postfix) with ESMTP id C550D15531 for ; Mon, 12 Apr 1999 09:03:48 -0700 (PDT) (envelope-from k.stevenson@louisville.edu)
Received: from homer.louisville.edu (ktstev01@homer.louisville.edu [136.165.1.20]) by unix2.it-datacntr.louisville.edu (8.8.8/8.8.8) with ESMTP id MAA53590 for ; Mon, 12 Apr 1999 12:01:03 -0400
Received: (from ktstev01@localhost) by homer.louisville.edu (8.8.8/8.8.8) id MAA19578 for freebsd-questions@freebsd.org; Mon, 12 Apr 1999 12:01:26 -0400 (EDT)
Message-ID: <19990412120126.B15762@homer.louisville.edu>
Date: Mon, 12 Apr 1999 12:01:26 -0400
From: Keith Stevenson
To: freebsd-questions@freebsd.org
Subject: Sequential TCP port allocation?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

We recently had an auditing firm run ISS against our network. The only "vulnerability" detected on our production FreeBSD box was a problem with "Predictable Sequence Ports". The description states that this FreeBSD box allocates its port numbers in sequential order. I've looked at several of my 2.2.8 boxes, and sure enough this appears to be true.

Is there a setting or sysctl knob that I can tweak to change the system to allocate ports in a more random manner? If not, does 3.1-STABLE exhibit the same behavior?

(Whether or not this qualifies as a real security vulnerability is irrelevant to me. Since the auditors labeled this as a "security hole" I have to present some sort of response to my management.)
Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0
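The check the scanner performed is easy to reproduce locally: open a series of outbound TCP connections and look at the source ports the kernel hands out. If each port is the previous one plus one, an attacker who sees one connection can guess the source port of the next, which is what "Predictable Sequence Ports" refers to. The script below is an added example for this thread, not code from the original poster or from the FreeBSD project; it assumes a Python 3 interpreter and a working loopback interface, and it does not answer the sysctl question for 2.2.8 or 3.1-STABLE, which the page leaves open (later FreeBSD releases expose net.inet.ip.portrange.randomized for this purpose, but that knob is not what the 1999 releases discussed here offered). The classification thresholds (90% and 10% of guesses hitting) are arbitrary choices for illustration.

```python
"""Probe ephemeral (source) port allocation and classify it as sequential,
randomized or mixed, using the same observation a port-prediction check makes:
the source ports of successive outbound TCP connections."""
import socket


def observe_source_ports(n=16, host="127.0.0.1"):
    """Open n outbound TCP connections to a throwaway local listener and
    return the source ports the kernel assigned, in connection order.

    The client sockets are held open until all samples are taken so that
    a port cannot be reused mid-run and skew the sequence.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))          # any free port; we only need a target
    listener.listen(n + 8)            # backlog large enough that no connect stalls
    target_port = listener.getsockname()[1]
    clients, ports = [], []
    try:
        for _ in range(n):
            c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            c.connect((host, target_port))
            clients.append(c)
            ports.append(c.getsockname()[1])   # kernel-chosen source port
    finally:
        for c in clients:
            c.close()
        listener.close()
    return ports


def classify_allocation(ports, window=1):
    """Classify an observed port sequence.

    An attacker who saw port p guesses that the next connection will use
    p+1 .. p+window. Returns (label, hit_rate): hit_rate is the fraction of
    transitions such a guess would have caught, and label is "sequential"
    (>= 90% hits), "randomized" (<= 10% hits) or "mixed". Wrap-around at the
    top of the 16-bit port space is handled by taking deltas modulo 65536.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed ports")
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    hits = sum(1 for d in deltas if 1 <= d <= window)
    hit_rate = hits / len(deltas)
    if hit_rate >= 0.9:
        label = "sequential"
    elif hit_rate <= 0.1:
        label = "randomized"
    else:
        label = "mixed"
    return label, hit_rate


if __name__ == "__main__":
    observed = observe_source_ports()
    label, rate = classify_allocation(observed)
    print("source ports:", observed)
    print(f"allocation looks {label} ({rate:.0%} of next-port guesses would hit)")
```

Run it on the host under audit; a result of "sequential" with a hit rate near 100% reproduces the scanner's finding, while a modern kernel with randomized ephemeral ports should report "randomized". The constructed sequences in the test below show how the classifier treats each case.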