Date: Tue Mar 13 2001 - 16:39:30 CST
From: Tim Newsham
Sent: Tuesday, March 13, 2001 5:34 PM
Subject: FW: clip from netbsd mailing list
Hi, I'm not on the mailing list, I received a copy of this indirectly.
NetBSD is not vulnerable to attacks I outlined, as far as my analysis
of your stack was able to tell (from -current sources).
The parameter used for RFC1948 need not be randomly generated
at boot time. I was actually wondering if this violates the intent.
ISN values exist in the same space across reboots? I'm not sure.
Anyway, the TCP secret could be generated once and stored in the
filesystem. If they are generated at boot time, it could be done using
entropy stored in the filesystem from previous boots. To accomplish
this, the TCP secret would have to be set from userland, requiring an
ioctl or something similar. Previous entropy could be read from
data stored during the previous incarnation, and mixed with whatever
entropy can be gathered from the newly running system and passed
into the kernel early during the system startup (prior to bringing up
From: Jerry Brady
Sent: Tuesday, March 13, 2001 5:24 PM
To: Tim Newsham
Subject: clip from netbsd mailing list
Fri Mar 7 09:25:38 1997
cc: Luke Mewburn <lukemconnect.com.au>, tech-securityNetBSD.ORG
Subject: Re: NFS file handles are guessable.
In-reply-to: Your message of "Fri, 07 Mar 1997 11:58:14 EST."
Date: Fri, 07 Mar 1997 09:26:53 -0800
From: "Kevin M. Lahey" <kmlnas.nasa.gov>
In message <199703071658.LAA09575jekyll.piermont.com>"Perry E. Metzger"
>What we really desperately need is a /dev/random...
Absolutely. I was looking at the changes necessary to generate a more
random ISS for TCP connections (RFC1948). It was relatively easy to
add the code to generate the ISS, but generating a random enough
seed value looked really tough. It seemed especially ugly because
the seed was required pretty early on in the boot process, before
there was a chance to sample a lot of OS events to get some randomness.
Any ideas or plans to add /dev/random? It sure would make things
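The seeding scheme discussed in the thread (entropy saved by the previous boot, mixed with whatever the new boot can gather, feeding the RFC 1948 secret) can be sketched in userland as follows. This is an added example, not code from the thread or from NetBSD: the function names, the seed path and the use of SHA-256 for mixing are assumptions, the addresses are constructed, and handing the secret to the kernel is not shown.

```python
import hashlib
import os
import socket
import struct

def load_and_refresh_secret(seed_path, fresh=None):
    """Return this boot's TCP secret and roll the on-disk seed forward."""
    if fresh is None:
        fresh = os.urandom(32)          # whatever the new boot can gather
    try:
        with open(seed_path, "rb") as f:
            old = f.read()              # entropy saved by the previous boot
    except FileNotFoundError:
        old = b""                       # first boot: only fresh entropy
    # Domain-separated hashes: the saved seed never equals the live secret.
    secret = hashlib.sha256(b"tcp-secret|" + old + fresh).digest()
    next_seed = hashlib.sha256(b"next-seed|" + old + fresh).digest()
    # Replace the seed before use so a crash cannot cause the old one to be reused.
    tmp = seed_path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(next_seed)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, seed_path)
    return secret

def rfc1948_isn(secret, laddr, lport, raddr, rport, clock_us):
    """ISN = M + F(localhost, localport, remotehost, remoteport), RFC 1948."""
    m = (clock_us // 4) & 0xFFFFFFFF    # M: the 4-microsecond timer
    conn = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
            socket.inet_aton(raddr) + struct.pack("!H", rport))
    # F: MD5 over the connection id and the secret, truncated to 32 bits
    f = struct.unpack("!I", hashlib.md5(conn + secret).digest()[:4])[0]
    return (m + f) & 0xFFFFFFFF

if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "tcp-seed")   # constructed path
    for boot in (1, 2):
        s = load_and_refresh_secret(path, fresh=b"")      # worst case: no new entropy
        isn = rfc1948_isn(s, "192.0.2.1", 80, "198.51.100.7", 40000, 1_000_000)
        print(f"boot {boot}: ISN for the same connection = {isn:#010x}")
```

Because the saved seed rolls forward on every boot, the secret changes across reboots even when the early-boot entropy is empty, which is the case the 1997 message worries about.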