Date: Fri, 6 Oct 2000 23:09:30 +0200 (IST)
From: Roman Shterenzon
To: Alfred Perlstein
Cc: security@FreeBSD.ORG
Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd)
In-Reply-To: <20001006135157.G266@fw.wintelcom.net>

On Fri, 6 Oct 2000, Alfred Perlstein wrote:

> * Roman Shterenzon [001006 13:50] wrote:
> > It's great to see 2.2.8 patched!
> > Any idea about the Solaris implementation of rfc1948?
> > Can this be done in FreeBSD?
>
> I don't have time to look that up, what is it? SACK?
>
> If it is, afaik someone is already working on it.

RFC1948 - Defending Against Sequence Number Attacks

Solaris has a "sysctl"-like interface (ndd) for those:

# TCP_STRONG_ISS sets the TCP initial sequence number generation parameters.
# Set TCP_STRONG_ISS to be:
# 0 = Old-fashioned sequential initial sequence number generation.
# 1 = Improved sequential generation, with random variance in increment.
# 2 = RFC 1948 sequence number generation, unique-per-connection-ID.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
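
Added example, not part of the original message and not Solaris or FreeBSD code: a Python model of the three initial-sequence-number schemes the TCP_STRONG_ISS comments describe, with mode 2 computed as RFC 1948's ISN = M + F(localhost, localport, remotehost, remoteport, secret). The class and function names, the 64000 increment, the sample addresses and the use of HMAC-SHA-256 for F (RFC 1948 suggests MD5) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import random
import socket
import struct

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap


class IssGenerator:
    """Models TCP_STRONG_ISS = 0, 1 or 2 (names and constants are hypothetical)."""

    def __init__(self, mode, secret=None, increment=64000):
        self.mode = mode
        self.secret = secret or os.urandom(16)  # per-boot secret for mode 2
        self.increment = increment              # constructed value
        self.counter = 0
        self.rng = random.SystemRandom()

    def _f(self, laddr, lport, raddr, rport):
        # F(localhost, localport, remotehost, remoteport, secret), 32 bits.
        conn_id = (socket.inet_aton(laddr) + struct.pack("!H", lport)
                   + socket.inet_aton(raddr) + struct.pack("!H", rport))
        digest = hmac.new(self.secret, conn_id, hashlib.sha256).digest()
        return struct.unpack("!I", digest[:4])[0]

    def next_iss(self, laddr, lport, raddr, rport, clock_us=0):
        if self.mode == 0:    # fixed step: one global counter for every peer
            self.counter = (self.counter + self.increment) & MASK
            return self.counter
        if self.mode == 1:    # fixed step plus random variance
            step = self.increment + self.rng.randrange(self.increment)
            self.counter = (self.counter + step) & MASK
            return self.counter
        m = (clock_us // 4) & MASK   # M: the 4-microsecond timer
        return (m + self._f(laddr, lport, raddr, rport)) & MASK


def delta_across_peers(gen, clock_us=0):
    """ISN gap between two back-to-back connections from different peers."""
    a = gen.next_iss("192.0.2.1", 80, "198.51.100.7", 40000, clock_us)
    b = gen.next_iss("192.0.2.1", 80, "203.0.113.9", 40001, clock_us)
    return (b - a) & MASK
```

In mode 0 the gap between ISNs handed to two different peers is always the fixed increment; in mode 2 a given connection ID advances only with the clock, while other connection IDs sit at offsets that depend on the secret.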