[7862] in bugtraq


Re: Borderware predictable initial TCP sequence numbers

daemon@ATHENA.MIT.EDU (Kevin Steves)
Wed Sep 2 18:13:38 1998

Date: Wed, 2 Sep 1998 20:17:17 +0200
Reply-To: Kevin Steves <stevesk@SWEDEN.HP.COM>
From: Kevin Steves <stevesk@SWEDEN.HP.COM>
X-To: Gigi Sullivan <sullivan@SECLAB.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSI.3.95.980902105535.24829B-100000@rogue.intesis.it>

On Wed, 2 Sep 1998, Gigi Sullivan wrote:
: This can be applied also to Firewall-1 (CheckPoint) running on an
: HP-UX 10.X series.

In HP-UX 10 there's a tunable object to control TCP sequence number
generation:

$ nettune -h tcp_random_seq
tcp_random_seq:
When set to one (1), TCP randomizes initial connection sequence
numbers.  When set to two (2), a more sophisticated randomizer
is used. When set to zero (0), normal time-based, linearly
increasing sequence numbers are used as described in RFC 793.
The default is disabled (0).
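The nettune help text above explains the three settings but not how an administrator would tell, from the outside, whether a host is still on the RFC 793 style linear generator (tcp_random_seq=0) after a change. The following is an added audit example, not part of Kevin Steves's message or of HP-UX itself. It simulates the two generator styles (a simplified linear clock-plus-per-connection model standing in for setting 0, and uniformly random 32-bit values standing in for a randomizing setting) and scores a series of observed ISNs by the spread of the differences between consecutive values, the same idea nmap's sequence predictability test uses. The simulation parameters and the 2^20 standard deviation threshold are assumptions chosen for illustration; the samples are constructed, not captured from a real host.

```python
"""Estimate how predictable a host's TCP initial sequence numbers (ISNs) are
from a list of ISNs observed on successive connections to the same port.

Added example (not from the original message). The input samples below are
simulated, not captured from a real host."""
import math
import random
from functools import reduce

MOD = 2 ** 32                 # ISNs are 32-bit, so differences wrap modulo 2^32
STDDEV_THRESHOLD = 2 ** 20    # assumed cut-off between "predictable" and "unpredictable"


def simulate_linear_isns(count, start=12345, clock_rate=250000,
                         connections_per_sec=10, per_conn_step=64000,
                         jitter_sec=0.05, seed=7):
    """Simplified model of tcp_random_seq=0 (assumed, for illustration):
    a counter that advances linearly with wall-clock time (clock_rate per
    second) plus a fixed bump per connection, with a little timing jitter so
    the observer does not see perfectly equal differences."""
    rng = random.Random(seed)
    isns = []
    for k in range(count):
        t = k / connections_per_sec + rng.uniform(0, jitter_sec)
        isns.append((start + int(t * clock_rate) + k * per_conn_step) % MOD)
    return isns


def simulate_random_isns(count, seed=1):
    """Stand-in for a randomizing setting: independent 32-bit values."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(count)]


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def predictability_report(isns):
    """Return the GCD and standard deviation of the deltas plus a verdict.

    A constant increment (stddev 0) means the next ISN follows directly from
    the previous one; a small spread means it can be narrowed to a short
    range; a spread on the order of 2^32 is what a randomizer looks like."""
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    gcd = reduce(math.gcd, deltas)
    mean = sum(deltas) / len(deltas)
    stddev = math.sqrt(sum((d - mean) ** 2 for d in deltas) / len(deltas))
    if stddev == 0:
        verdict = "constant increment"
    elif stddev < STDDEV_THRESHOLD:
        verdict = "predictable"
    else:
        verdict = "unpredictable"
    return {"gcd": gcd, "stddev": stddev, "verdict": verdict}


if __name__ == "__main__":
    for label, samples in (("linear (like tcp_random_seq=0)", simulate_linear_isns(50)),
                           ("random", simulate_random_isns(50))):
        r = predictability_report(samples)
        print(f"{label}: gcd={r['gcd']} stddev={r['stddev']:.0f} -> {r['verdict']}")
```

In practice the samples would come from the ISNs in SYN/ACKs returned by the host under test, collected from a second machine after the tunable has been changed; the report is only as good as the number of samples, so use several dozen rather than a handful before concluding the generator is unpredictable.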
