[13822] in bugtraq
Re: Random Sequence Numbers
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Feb 14 14:50:32 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000210223508.9E6D041F16@SIGABA.research.att.com>
Date: Thu, 10 Feb 2000 17:35:03 -0500
Reply-To: smb@RESEARCH.ATT.COM
From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
X-To: Peter Jeremy <peter.jeremy@alcatel.com.au>
To: BUGTRAQ@SECURITYFOCUS.COM
In message <00Feb10.090608est.115219@border.alcanet.com.au>, Peter Jeremy write
s:
> On 2000-Feb-09 20:27:08 +1100, Omachonu Ogali <oogali@intranova.net> wrote:
> >I don't know if anyone else attempted, but I whipped up a little patch for
> >FreeBSD that randomizes the sequence/acknowledgment numbers sent by TCP
> >instead of incrementing it by one each time. Apply using 'patch'.
>
> Note that the patch is using libkern/random(). This function is a
> simple, multiplicative PNRG with 32-bits of state (all of which is
> `leaked' via its return value. Whilst the change might be better than
> a simple increment/decrement, I don't believe it provides any real
> security (especially in view of the %=2 operations).
I never saw the original posting to this; let me suggest that folks read RFC
1948 before doing sequence number randomization.
--Steve Bellovin
