Date: Wed, 9 Jan 2002 22:05:36 +0100 From: Matthias Schuendehuette <msch@snafu.de> To: Mike Silbersack <silby@silby.com> Cc: Jonathan Lemon <jlemon@flugsvamp.com>, freebsd-stable@freebsd.org, Peter.Sauerland@siemens.com Subject: Re: TCP Sequence-Prediction (4.5-PRE) Message-ID: <E16OPvA-0001Hk-00@smart.eusc.inter.net> In-Reply-To: <20020108151125.S34973-100000@patrocles.silby.com> References: <20020108151125.S34973-100000@patrocles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Mike, Hello Jonathan Am Dienstag, 8. Januar 2002 16:16 schrieben Sie (Mike): > > I'm not really sure anything is wrong here. The duplicate sequence > numbers you are seeing are due to the syn cookie code working as > expected. While the values are duplicated for you, they should not be > guessable by anyone else. > > If you'd like to go back to random ISNs, you can simply set > net.inet.tcp.syncookies=0. Security is probably comparable in either > case. > > So, ISS is right in that sequence numbers are repeating, but wrong in > that they are predictable. The authors of ISS should probably sit > down and try to modify their detection so that it detects RFC 1948 > and syncookie generated sequence numbers as distinct from other > classes. Today, my company's CERT confirmed your diagnosis in all points (I guess, they read the mailing list too ;-). They informed ISS about this issue and I hope that this apparition disappears really soon. I think we may close this case and all that remains for me is to thank you very much for your participation and valuable informations - I really appreciated to find out what was going on here. FreeBSD remains for me one of the greatest OSs around! Ciao/BSD - Matthias -- *************************************************************************** * Matthias Schuendehuette msch@snafu.de * * Solmsstrasse 44 * * D-10961 Berlin Engineering Systems Support and Operation * * Germany (Powered by FreeBSD 4.5-PRERELEASE) * *************************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E16OPvA-0001Hk-00>