Date:      Mon, 12 Apr 1999 12:01:26 -0400
From:      Keith Stevenson <k.stevenson@louisville.edu>
To:        freebsd-questions@freebsd.org
Subject:   Sequential TCP port allocation?
Message-ID:  <19990412120126.B15762@homer.louisville.edu>

We recently had an auditing firm run ISS against our network.  The only
"vulnerability" detected on our production FreeBSD box was a problem with
"Predictable Sequence Ports".  The description states that this FreeBSD box
allocates its port numbers in sequential order.

I've looked at several of my 2.2.8 boxes, and sure enough this appears to be
true.  Is there a setting or sysctl knob that I can tweak to change the system
to allocate ports in a more random manner?  If not, does 3.1-STABLE exhibit
the same behavior?

(Whether or not this qualifies as a real security vulnerability is irrelevant
to me.  Since the auditors labeled this as a "security hole" I have to present
some sort of response to my management.)

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0
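
Added example (not part of the original message): a way to check for the behavior the message describes by binding TCP sockets to port 0 on loopback and measuring how often successive kernel-chosen ports differ by only 1 or 2. The function names, thresholds and sample port lists are assumptions constructed for illustration, and only the bind-to-port-0 path is sampled.

```python
import socket
from collections import Counter

def sample_ephemeral_ports(count=32, host="127.0.0.1"):
    """Bind `count` TCP sockets to port 0 and return the ports the kernel chose."""
    ports, socks = [], []
    try:
        for _ in range(count):
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.bind((host, 0))        # port 0 asks the kernel to pick a port
            socks.append(s)          # keep it open so the port is not handed out again
            ports.append(s.getsockname()[1])
    finally:
        for s in socks:
            s.close()
    return ports

def analyze(ports, max_step=2, threshold=0.8):
    """Classify an ordered list of allocated ports as sequential or not.

    A step counts as sequential when successive ports differ by 1..max_step
    in either direction; the small gap tolerates other processes taking a port.
    """
    if len(ports) < 2:
        raise ValueError("need at least two samples")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    seq = sum(1 for d in deltas if 1 <= abs(d) <= max_step)
    ratio = seq / len(deltas)
    return {
        "samples": len(ports),
        "sequential_ratio": ratio,
        "most_common_delta": Counter(deltas).most_common(1)[0][0],
        "sequential": ratio >= threshold,
    }

# Constructed sample data, not captured from any real host.
SEQUENTIAL_SAMPLE = [1025, 1026, 1027, 1029, 1030, 1031, 1032, 1033]
SCATTERED_SAMPLE = [49812, 51007, 50233, 64120, 53391, 49999, 60218, 57764]

if __name__ == "__main__":
    for name, data in (("constructed sequential", SEQUENTIAL_SAMPLE),
                       ("constructed scattered", SCATTERED_SAMPLE),
                       ("this host", sample_ephemeral_ports())):
        print(name, analyze(data))
```

Run it on the host under audit to get a repeatable measurement to attach to the response; a sequential ratio near 1.0 matches the scanner's finding.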

