 
From: Matthew Whelan (muttleygotadsl.co.uk)
Date: Fri Jan 04 2002 - 21:09:10 CST


    03/01/2002 20:59:35, Matthias Schuendehuette <mschsnafu.de> wrote:

    >Hello,
    >
    >my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it
    >complained about TCP Sequence Prediction:
    >
    >'The TCP sequence was found to be predictable.'
    >
    >I was advised to install FreeBSD 4.1.1-STABLE after 2000-09-28 or later
    >:-) as listed in FreeBSD-SA-00:52.
    >
    >I looked at the published Patch in FreeBSD-SA-00:52 but couldn't find
    >the source code sequence to be patched any more (I wasn't wondering).
    >
    >But so, what shall I do, who's to blame? Is the ISS lying? Is there any
    >advice from the FreeBSD Security Officer or the developers how to
    >proceed further?

    If you've CVSup'd within the last 3 weeks (I suspect you must have done to
    have 4.5-PRE ;p), you should have:

     * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.23 2001/12/14 20:21:12 jlemon Exp $

    which appears now to have all the code for ISN generation (start looking at
    line 1112 - does playing with the two sysctls mentioned make any difference
    to what ISS says? Looks like the isn_reseed_interval is only used if
    strict_rfc1948 is not set)

    Matthew
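As an added illustration, not code from this thread or from FreeBSD's tcp_subr.c, the following Python models the RFC 1948 ISN scheme Matthew's reply refers to (a 4-microsecond clock plus a keyed hash of the connection 4-tuple) together with the two knobs as he describes them, and the crude "all deltas identical" check a scanner performs. The class, function and parameter names are assumptions and the sample addresses are constructed.

```python
import hashlib
import os
import struct

MASK32 = 0xFFFFFFFF

def isn_rfc1948(laddr, lport, faddr, fport, secret, now_us):
    """RFC 1948 ISN: 4-microsecond clock M plus F(4-tuple, secret), F a keyed hash.
    Addresses are packed 4-byte IPv4, ports are ints, secret is bytes."""
    m = (now_us // 4) & MASK32
    conn_id = struct.pack("!4sH4sH", laddr, lport, faddr, fport)
    f = struct.unpack("!I", hashlib.md5(conn_id + secret).digest()[:4])[0]
    return (m + f) & MASK32

class IsnGenerator:
    """Model of the two knobs in the reply (hypothetical names, not the kernel's):
    strict_rfc1948 keeps one secret for the machine's lifetime, otherwise the
    secret is regenerated once reseed_interval seconds have passed."""
    def __init__(self, strict_rfc1948=False, reseed_interval=5, secret=None):
        self.strict = strict_rfc1948
        self.reseed_interval = reseed_interval
        self.secret = secret if secret is not None else os.urandom(16)
        self.last_reseed_us = 0

    def new_isn(self, laddr, lport, faddr, fport, now_us):
        if (not self.strict and self.reseed_interval > 0
                and now_us - self.last_reseed_us >= self.reseed_interval * 1_000_000):
            self.secret = os.urandom(16)  # reseed limits how long a leaked secret is useful
            self.last_reseed_us = now_us
        return isn_rfc1948(laddr, lport, faddr, fport, self.secret, now_us)

def legacy_isn(prev, step=64000):
    """The kind of scheme a scanner flags: each new ISN is the previous one plus a constant."""
    return (prev + step) & MASK32

def isn_deltas(isns):
    return [(b - a) & MASK32 for a, b in zip(isns, isns[1:])]

def looks_predictable(isns):
    """Crude version of a scanner's check: every consecutive delta is identical."""
    return len(set(isn_deltas(isns))) == 1

def sample_isns(gen, n, now_us=0):
    """n connections from one client with successive source ports, 4 us apart (constructed)."""
    laddr, faddr = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    return [gen.new_isn(laddr, 40000 + i, faddr, 22, now_us + 4 * i) for i in range(n)]
```

With strict_rfc1948 set the secret is never replaced, so the reseed interval has no effect, which matches the observation in the reply.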
