From owner-freebsd-security  Thu Jun  5 06:26:38 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id GAA13093
          for security-outgoing; Thu, 5 Jun 1997 06:26:38 -0700 (PDT)
Received: from cmu1.acs.cmu.edu (CMU1.ACS.CMU.EDU [128.2.35.186])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA13088
          for <security@freebsd.org>; Thu, 5 Jun 1997 06:26:35 -0700 (PDT)
Received: from apriori.cc.cmu.edu (APRIORI.CC.CMU.EDU [128.2.72.117]) by cmu1.acs.cmu.edu (8.8.2/8.7.3) with SMTP id JAA02644 for <security@freebsd.org>; Thu, 5 Jun 1997 09:26:32 -0400
Date: Thu, 5 Jun 1997 09:26:31 -0400 (EDT)
From: Robert N Watson <rnw@andrew.cmu.edu>
X-Sender: rnw@apriori.cc.cmu.edu
To: security@freebsd.org
Subject: sequence predictability (fwd)
Message-ID: <Pine.SUN.3.93l.970605092540.9675A-100000@apriori.cc.cmu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Having seen this post on the ntbugtraq mailing list, I was wondering how
preditcabkle sequence numbers in FreeBSD TCP connections were..  And is
this an accurate measurement?

Thanks

----
Robert Watson <rnw+@Andrew.cmu.edu>

---------- Forwarded message ----------
Date: Fri, 30 May 1997 13:20:49 -0400
From: David LeBlanc <dleblanc@ISS.NET>
Reply-To: Windows NT BugTraq Mailing List <NTBUGTRAQ@RC.ON.CA>,
    David LeBlanc <dleblanc@ISS.NET>
To: NTBUGTRAQ@RC.ON.CA
Subject: sequence predictability

I had previously stated that NT was TCP sequence predictable.  In response
to a question, I did a bit of research on our network and found the following:

This is largely fixed in SP3.  Instead of being from 15-85% predictable, it
is now from 5% to ~20% predictable.  This is fairly reasonable.

For comparison, IRIX, HP-UX, SunOS, and AIX are all _extremely_ predictable
- 50% or better on a consistent basis.  BSD is typically very predictable.

However, Linux and Solaris are best at this, and are consistently 5%
predictable or less.  I would like to see NT join this group, but SP3 shows
a substantial improvement.

-----------------------------------------------------------
David LeBlanc                   | Voice: (770)395-0150 x138
Internet Security Systems, Inc. | Fax:   (404)395-1972
41 Perimeter Center East        | E-Mail:  dleblanc@iss.net
Suite 660                       | www: http://www.iss.net/
Atlanta, GA 30328               |