From owner-freebsd-security Fri Jun 6 12:09:34 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id MAA05377
        for security-outgoing; Fri, 6 Jun 1997 12:09:34 -0700 (PDT)
Received: from sendero-ppp.i-connect.net (sendero-ppp.i-Connect.Net [206.190.143.100])
        by hub.freebsd.org (8.8.5/8.8.5) with SMTP id MAA05372
        for ; Fri, 6 Jun 1997 12:09:31 -0700 (PDT)
Received: (qmail 746 invoked by uid 1000); 6 Jun 1997 19:09:35 -0000
Message-ID:
X-Mailer: XFMail 1.2-alpha [p0] on FreeBSD
Content-Type: text/plain; charset=iso-8859-8
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <19970606091536.08429@tversu.ac.ru>
Date: Fri, 06 Jun 1997 12:09:35 -0700 (PDT)
Organization: Atlas Telecom
From: Simon Shapiro
To: Vadim Kolontsov
Subject: Re: sequence predictability (fwd)
Cc: security@FreeBSD.ORG
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Hi Vadim Kolontsov; On 06-Jun-97 you wrote:
> On Thu, Jun 05, 1997 at 09:26:31AM -0400, Robert N Watson wrote:
> >
> > Having seen this post on the ntbugtraq mailing list, I was wondering how
> > predictable sequence numbers in FreeBSD TCP connections were.. And is
> > this an accurate measurement?
> >
> > Thanks
> >
>
> How about implementing random choosing of start TCP sequence number?
> Of course, it needs cryptographically strong random numbers generator..
> I think it will help a lot against TCP seq.numbers predictability
> attack.

Good Idea. /dev/rand, set up properly, produces very good results.

Simon
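
Added example (not part of the original message, and not FreeBSD code): a small measurement of how often the next initial sequence number equals "last ISN plus last observed increment", comparing a fixed-step generator with one drawn from the operating system's cryptographic RNG as suggested in the thread. The class names, the start value and the 64000 step are constructed for illustration.

```python
import secrets

MOD = 2 ** 32  # TCP sequence numbers are 32 bits wide and wrap around


class IncrementingISN:
    """Constructed stand-in for a predictable generator: fixed step per connection."""

    def __init__(self, start=1000, step=64000):
        self.value = start % MOD
        self.step = step

    def next_isn(self):
        self.value = (self.value + self.step) % MOD
        return self.value


class RandomISN:
    """ISN taken from the OS cryptographic RNG for every new connection."""

    def next_isn(self):
        return secrets.randbits(32)


def predictability(gen, samples=200):
    """Fraction of ISNs that equal 'current + last observed delta' (mod 2^32)."""
    prev = gen.next_isn()
    cur = gen.next_isn()
    hits = 0
    for _ in range(samples):
        guess = (cur + (cur - prev)) % MOD  # linear extrapolation, wrap-safe
        nxt = gen.next_isn()
        hits += guess == nxt
        prev, cur = cur, nxt
    return hits / samples


if __name__ == "__main__":
    print("fixed step :", predictability(IncrementingISN()))
    print("OS CSPRNG  :", predictability(RandomISN()))
```

The score is a relative indicator only: it tests one extrapolation rule against one sample run, so a low score does not by itself show that a generator is unpredictable.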