Date: Sun, 20 Feb 2000 10:58:22 -0500 (EST)
From: Omachonu Ogali <oogali@intranova.net>
To: Bjoern Groenvall <bg@sics.se>
Cc: Dan Moschuk <dan@FreeBSD.ORG>, "smb@RESEARCH.ATT.COM Bill Fumerola" <billf@chc-chimes.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Random Sequence Numbers
Message-ID: <Pine.BSF.4.10.10002201057450.49727-100000@hydrant.intranova.net>
In-Reply-To: <wuu2j3zxgt.fsf@bg.sics.se>

That was dropped a while ago and I saw that post Steven did, and secondly
Dan told me he's done it already so there was no need to go on as it was
only about 4-5 lines of code.

On 20 Feb 2000, Bjoern Groenvall wrote:

> Dan Moschuk <dan@FreeBSD.ORG> writes:
>
> > This has been done, by me, using the arc4random() implementation I put into
> > the kernel a few months ago. I'll be committing it after the code freeze.
>
> Before you go ahead and do this you might want to consider this
> comment. (The message never made its way back to freebsd-security).
>
> From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
> Subject: Re: Random Sequence Numbers
> To: BUGTRAQ@SECURITYFOCUS.COM
> Date: Thu, 10 Feb 2000 17:35:03 -0500
> Reply-To: smb@RESEARCH.ATT.COM
> Return-Path: owner-bugtraq@SECURITYFOCUS.COM
>
> In message <00Feb10.090608est.115219@border.alcanet.com.au>, Peter Jeremy writes:
> > On 2000-Feb-09 20:27:08 +1100, Omachonu Ogali <oogali@intranova.net> wrote:
> > >I don't know if anyone else attempted, but I whipped up a little patch for
> > >FreeBSD that randomizes the sequence/acknowledgment numbers sent by TCP
> > >instead of incrementing it by one each time. Apply using 'patch'.
> >
> > Note that the patch is using libkern/random(). This function is a
> > simple, multiplicative PRNG with 32-bits of state (all of which is
> > `leaked' via its return value). Whilst the change might be better than
> > a simple increment/decrement, I don't believe it provides any real
> > security (especially in view of the %=2 operations).
>
> I never saw the original posting to this; let me suggest that folks read RFC
> 1948 before doing sequence number randomization.
>
>                 --Steve Bellovin
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:        C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+
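
Added example, not part of the original message and not FreeBSD's code: a sketch of the RFC 1948 construction the quoted reply points to (ISN = M + F(connection id), with F a keyed hash), next to a generator whose whole 32-bit state is its return value, the weakness noted in the quoted review of the patch. The multiplier, the secret and the addresses are constructed for illustration; MD5 is the hash RFC 1948 suggests for F.

```python
import hashlib
import socket
import struct

MASK32 = 0xFFFFFFFF


class LeakyGenerator:
    """Constructed stand-in: multiplicative generator returning its entire 32-bit state."""

    MULTIPLIER = 69069  # constructed constant, not taken from libkern

    def __init__(self, seed: int) -> None:
        self.state = seed & MASK32

    def next(self) -> int:
        self.state = (self.MULTIPLIER * self.state) & MASK32
        return self.state


def next_from_output(observed: int) -> int:
    """With no hidden state, a single observed value fixes every later value."""
    return (LeakyGenerator.MULTIPLIER * observed) & MASK32


def rfc1948_isn(secret: bytes, laddr: str, lport: int,
                raddr: str, rport: int, now_us: int) -> int:
    """ISN = M + F(localhost, localport, remotehost, remoteport), F keyed by a secret."""
    m = now_us // 4  # M: the 4-microsecond ISN clock
    conn_id = (socket.inet_aton(laddr) + struct.pack("!H", lport)
               + socket.inet_aton(raddr) + struct.pack("!H", rport))
    # F: first 32 bits of MD5(connection id || secret)
    f = struct.unpack("!I", hashlib.md5(conn_id + secret).digest()[:4])[0]
    return (m + f) & MASK32


if __name__ == "__main__":
    gen = LeakyGenerator(12345)
    seen = gen.next()
    print("leaky: predicted next == actual next:", next_from_output(seen) == gen.next())

    secret = b"constructed-demo-secret"  # assumption: real stacks use boot-time random data
    conn = ("192.0.2.1", 1025, "198.51.100.7", 80)  # constructed documentation addresses
    first = rfc1948_isn(secret, *conn, now_us=1_000_000)
    later = rfc1948_isn(secret, *conn, now_us=2_000_000)
    # Same connection id: the ISN still advances with the clock (250000 ticks per second).
    print("same 4-tuple, one second apart:", (later - first) & MASK32)
    # Different connection id: a different offset that is unknown without the secret.
    print("other source port:", rfc1948_isn(secret, "192.0.2.1", 1026, "198.51.100.7", 80, 1_000_000))
```
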