Date: Wed, 22 May 1996 09:07:04 -0700
From: Paul Traina <pst@shockwave.com>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: Poul-Henning Kamp <phk@critter.tfs.com>, current@freebsd.org, blh@nol.net
Subject: Re: freebsd + synfloods + ip spoofing
Message-ID: <199605221607.JAA04887@precipice.shockwave.com>
In-Reply-To: Your message of "Tue, 21 May 1996 16:53:47 EDT." <9605212053.AA01868@halloran-eldar.lcs.mit.edu>

Garrett,

Brett is absolutely correct. I just looked at what was done for tcp_iss.

If tcp_init is not called on every connection (it's not), then the whole design of the ISS randomization looks wrong to me.

We're making tcp_iss random in tcp_init.c, but then manipulating it in totally predictable ways. This is not random at all.

The ISS needs to be randomized on a PER tcp connection attempt. I realize that violates RFC 793, but it has to be done.

Paul
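
The point made in the message above, as an added example that is not part of the original e-mail and is not FreeBSD code: a simplified user-space model comparing an ISS that is random only at start-up and then stepped by a fixed amount with an ISS drawn fresh for every connection attempt. ISS_STEP, the function names and the use of /dev/urandom are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed constant for illustration; not FreeBSD's actual increment. */
#define ISS_STEP 64000u

static uint32_t global_iss;   /* stands in for the single global tcp_iss */

/* Read 32 bits from the OS random source; returns 0 on success. */
static int os_random32(uint32_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Scheme A: random only at start-up, then a fixed step per connection. */
int iss_init_once(void) { return os_random32(&global_iss); }
uint32_t iss_stepped(void) { global_iss += ISS_STEP; return global_iss; }

/* Scheme B: a fresh random ISS for every connection attempt. */
uint32_t iss_per_connection(void) {
    uint32_t v;
    if (os_random32(&v) != 0) abort();   /* no randomness: refuse to go on */
    return v;
}

/* Count how often "previous ISS + ISS_STEP" equals the next ISS,
 * i.e. how often one observed value gives away the following one. */
int count_predicted(uint32_t (*next_iss)(void), int trials) {
    int hits = 0;
    uint32_t prev = next_iss();
    for (int i = 0; i < trials; i++) {
        uint32_t cur = next_iss();
        if (cur == prev + ISS_STEP) hits++;   /* unsigned wrap is intended */
        prev = cur;
    }
    return hits;
}

int main(void) {
    if (iss_init_once() != 0) return 1;
    printf("stepped:        %d/1000 predicted\n",
           count_predicted(iss_stepped, 1000));
    printf("per-connection: %d/1000 predicted\n",
           count_predicted(iss_per_connection, 1000));
    return 0;
}
```

The random start-up value in scheme A changes nothing about the result: every value after the first is still determined by the one before it.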