[13798] in bugtraq
Re: Random Sequence Numbers
daemon@ATHENA.MIT.EDU (Peter Jeremy)
Thu Feb 10 17:52:45 2000
Content-Return: prohibited
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <00Feb10.090608est.115219@border.alcanet.com.au>
Date: Thu, 10 Feb 2000 09:06:08 +1100
Reply-To: Peter Jeremy <peter.jeremy@ALCATEL.COM.AU>
From: Peter Jeremy <peter.jeremy@ALCATEL.COM.AU>
X-To: Omachonu Ogali <oogali@intranova.net>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSF.4.10.10002082258090.36875-100000@hydrant.intranova.net>; from oogali@intranova.net on Wed,
Feb 09, 2000 at 08:27:08PM +1100
On 2000-Feb-09 20:27:08 +1100, Omachonu Ogali <oogali@intranova.net> wrote:
>I don't know if anyone else attempted, but I whipped up a little patch for
>FreeBSD that randomizes the sequence/acknowledgment numbers sent by TCP
>instead of incrementing it by one each time. Apply using 'patch'.
Note that the patch is using libkern/random(). This function is a
simple, multiplicative PNRG with 32-bits of state (all of which is
`leaked' via its return value. Whilst the change might be better than
a simple increment/decrement, I don't believe it provides any real
security (especially in view of the %=2 operations).
Peter
