From owner-freebsd-stable Wed Jan 9 13: 6:16 2002 Delivered-To: freebsd-stable@freebsd.org Received: from smart.eusc.inter.net (smart.eusc.inter.net [213.73.101.5]) by hub.freebsd.org (Postfix) with ESMTP id 26FDB37B41D for ; Wed, 9 Jan 2002 13:06:11 -0800 (PST) Received: from tc09-n66-241.de.inter.net ([213.73.66.241] helo=there) by smart.eusc.inter.net with smtp (Exim 3.22 #3) id 16OPvA-0001Hk-00; Wed, 09 Jan 2002 22:06:04 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Matthias Schuendehuette Reply-To: msch@snafu.de Organization: Micro$oft-free Zone To: Mike Silbersack Subject: Re: TCP Sequence-Prediction (4.5-PRE) Date: Wed, 9 Jan 2002 22:05:36 +0100 X-Mailer: KMail [version 1.3.1] References: <20020108151125.S34973-100000@patrocles.silby.com> In-Reply-To: <20020108151125.S34973-100000@patrocles.silby.com> Cc: Jonathan Lemon , freebsd-stable@freebsd.org, Peter.Sauerland@siemens.com MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello Mike, Hello Jonathan Am Dienstag, 8. Januar 2002 16:16 schrieben Sie (Mike): > > I'm not really sure anything is wrong here. The duplicate sequence > numbers you are seeing are due to the syn cookie code working as > expected. While the values are duplicated for you, they should not be > guessable by anyone else. > > If you'd like to go back to random ISNs, you can simply set > net.inet.tcp.syncookies=0. Security is probably comparable in either > case. > > So, ISS is right in that sequence numbers are repeating, but wrong in > that they are predictable. The authors of ISS should probably sit > down and try to modify their detection so that it detects RFC 1948 > and syncookie generated sequence numbers as distinct from other > classes. Today, my company's CERT confirmed your diagnosis in all points (I guess, they read the mailing list too ;-). They informed ISS about this issue and I hope that this apparition disappears really soon. I think we may close this case and all that remains for me is to thank you very much for your participation and valuable informations - I really appreciated to find out what was going on here. FreeBSD remains for me one of the greatest OSs around! Ciao/BSD - Matthias -- *************************************************************************** * Matthias Schuendehuette msch@snafu.de * * Solmsstrasse 44 * * D-10961 Berlin Engineering Systems Support and Operation * * Germany (Powered by FreeBSD 4.5-PRERELEASE) * *************************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message