From owner-freebsd-security@FreeBSD.ORG  Wed Apr 21 06:24:34 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 07C9916A4CE; Wed, 21 Apr 2004 06:24:34 -0700 (PDT)
Received: from omgo.iij.ad.jp (omgo.iij.ad.jp [202.232.30.157])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 4FC3443D2D; Wed, 21 Apr 2004 06:24:33 -0700 (PDT)
	(envelope-from nagao@iij.ad.jp)
Received: OMGO id i3LDOSsx019922; Wed, 21 Apr 2004 22:24:29 +0900 (JST)
Received: OTM-MIX0 id i3LDOSGw014246; Wed, 21 Apr 2004 22:24:28 +0900 (JST)
Received: JC-SMTP from localhost (kabosu.iij.ad.jp [192.168.187.105])
	id i3LDORW6023292; Wed, 21 Apr 2004 22:24:28 +0900 (JST)
Date: Wed, 21 Apr 2004 22:24:27 +0900 (JST)
Message-Id: <20040421.222427.41675143.nagao@iij.ad.jp>
To: nectar@freebsd.org
From: Tadaaki Nagao <nagao@iij.ad.jp>
In-Reply-To: <20040421111003.GB19640@lum.celabo.org>
References: <6.0.3.0.0.20040420144001.0723ab80@209.112.4.2>
	<200404201332.40827.dr@kyx.net>
	<20040421111003.GB19640@lum.celabo.org>
X-Mailer: Mew version 4.0.65 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: freebsd-security@freebsd.org
cc: des@des.no
Subject: Re: TCP RST attack
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2004 13:24:34 -0000

In "Re: TCP RST attack",
    "Jacques A. Vidrine" <nectar@freebsd.org> wrote:
> On Tue, Apr 20, 2004 at 01:32:40PM -0700, Dragos Ruiu wrote:
> > Also keep in mind ports are predictable to varying degrees depending on
> > the vendor or OS, which further reduces the brute force space you have to 
> > go though without sniffing. 
> 
> This is exactly why I ported OpenBSD's TCP ephemeral port allocation
> randomization to FreeBSD-CURRENT (although I asked Mike Silby to commit
> it for me and take the blame if it broke :-).  It will also be MFC'd
> shortly in time for 4.10-RELEASE.

That sounds great!  But a question arose in my mind...  I think it'll
improve FreeBSD as a client OS, but as a server OS it doesn't seem to
help much (actually, any ;-).
Is there any action planned to implement some kind of countermeasure
for FreeBSD servers?

Thanks,
Tadaaki Nagao <nagao@iij.ad.jp>
System Design and Development Division, Internet Initiative Japan Inc.