Subject: Re: Random Sequence Numbers
From: Bjoern Groenvall (bg@sics.se)
Date: Sun Feb 20 2000 - 09:48:34 CST


Dan Moschuk <dan@FreeBSD.ORG> writes:

> This has been done, by me, using the arc4random() implementation I put into
> the kernel a few months ago. I'll be committing it after the code freeze.

Before you go ahead and do this you might want to consider this
comment. (The message never made its way back to freebsd-security).

From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
Subject: Re: Random Sequence Numbers
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Thu, 10 Feb 2000 17:35:03 -0500
Reply-To: smb@RESEARCH.ATT.COM
Return-Path: owner-bugtraq@SECURITYFOCUS.COM

In message <00Feb10.090608est.115219border.alcanet.com.au>, Peter Jeremy writes:
> On 2000-Feb-09 20:27:08 +1100, Omachonu Ogali <oogali@intranova.net> wrote:
> >I don't know if anyone else attempted, but I whipped up a little patch for
> >FreeBSD that randomizes the sequence/acknowledgment numbers sent by TCP
> >instead of incrementing it by one each time. Apply using 'patch'.
>
> Note that the patch is using libkern/random(). This function is a
> simple, multiplicative PRNG with 32-bits of state (all of which is
> `leaked' via its return value). Whilst the change might be better than
> a simple increment/decrement, I don't believe it provides any real
> security (especially in view of the %=2 operations).

I never saw the original posting to this; let me suggest that folks read RFC
1948 before doing sequence number randomization.

                --Steve Bellovin
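The two points raised in the thread, a generator whose whole state is its return value versus the RFC 1948 construction ISN = M + F(localhost, localport, remotehost, remoteport, secret), side by side as an added example. This is illustrative code written for this archive page, not FreeBSD's libkern or anyone's patch from the thread. The Park-Miller constants (a = 16807, m = 2^31 - 1) are an assumed stand-in for the libkern random() being discussed, and HMAC-SHA256 truncated to 32 bits is used for F where RFC 1948 suggests MD5; the addresses, ports and secret are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF

# --- The weak approach discussed in the thread -----------------------------
# A multiplicative generator in the Park-Miller style, assumed here as a
# stand-in for libkern random(). The value it returns IS its entire state,
# which is exactly the objection raised above: one observed output is
# enough to reproduce every output that follows, no secret involved.
PM_A = 16807
PM_M = 2**31 - 1


class MultiplicativePRNG:
    def __init__(self, seed):
        self.state = seed % PM_M or 1  # state must be non-zero

    def next(self):
        self.state = (self.state * PM_A) % PM_M
        return self.state


def predict_next(observed_output):
    """The successor of any output is a public function of that output."""
    return (observed_output * PM_A) % PM_M


# --- RFC 1948 style ISN -----------------------------------------------------
def isn_clock(now_us):
    """RFC 793 ISN clock: one tick every 4 microseconds, modulo 2^32."""
    return (now_us // 4) & MASK32


def connection_offset(local_ip, local_port, remote_ip, remote_port, secret):
    """F(localhost, localport, remotehost, remoteport, secret) as 32 bits.

    RFC 1948 suggests MD5 over the tuple and a secret; HMAC-SHA256 truncated
    to 32 bits is an assumed substitution with the same role: the offset is
    fixed per connection 4-tuple and not derivable without the secret.
    """
    four_tuple = struct.pack(
        ">4sH4sH",
        socket.inet_aton(local_ip), local_port,
        socket.inet_aton(remote_ip), remote_port,
    )
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return struct.unpack(">I", digest[:4])[0]


def rfc1948_isn(local_ip, local_port, remote_ip, remote_port, secret, now_us):
    """ISN = M + F(...) mod 2^32: the clock keeps ISNs monotonic per
    connection (old segments cannot be confused with new ones), while F
    makes the ISN space of one connection tell nothing about another's."""
    offset = connection_offset(local_ip, local_port, remote_ip, remote_port, secret)
    return (isn_clock(now_us) + offset) & MASK32


if __name__ == "__main__":
    g = MultiplicativePRNG(12345)
    first, second = g.next(), g.next()
    print("multiplicative PRNG: predicted", predict_next(first), "actual", second)

    secret = b"constructed-example-secret"  # constructed; a real host draws this at boot
    isn_a = rfc1948_isn("192.0.2.1", 80, "198.51.100.7", 40000, secret, 1_000_000)
    isn_b = rfc1948_isn("192.0.2.1", 80, "198.51.100.7", 40001, secret, 1_000_000)
    print("RFC 1948 ISN for port 40000: %08x, for port 40001: %08x" % (isn_a, isn_b))
```

Running the block shows the predicted and actual outputs of the multiplicative generator agreeing, and two ISNs for neighbouring remote ports that share a clock value but differ by an offset only the secret determines.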
