From owner-freebsd-stable  Fri Jan  4 19: 9:21 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from marvin.nildram.co.uk (marvin.nildram.co.uk [195.112.4.71])
	by hub.freebsd.org (Postfix) with SMTP id E2DB537B41D
	for <freebsd-stable@FreeBSD.ORG>; Fri,  4 Jan 2002 19:09:11 -0800 (PST)
Received: (qmail 22975 invoked from network); 5 Jan 2002 03:09:10 -0000
Received: from muttley.gotadsl.co.uk (HELO VicNBob) (213.208.123.26)
  by marvin.nildram.co.uk with SMTP; 5 Jan 2002 03:09:10 -0000
From: Matthew Whelan <muttley@gotadsl.co.uk>
To: freebsd-security@FreeBSD.ORG, msch@snafu.de
Cc: freebsd-stable@FreeBSD.ORG, Peter.Sauerland@siemens.com,
	iss@cert.siemens.de
Date: Sat, 05 Jan 2002 03:09:10 -0000
X-Priority: 3 (Normal)
In-Reply-To: <E16MExc-0003MK-00@clever.eusc.inter.net>
Message-Id: <GF97DA05OIA832C9IF3X2105PZWQOR.3c366e56@VicNBob>
Subject: Re: TCP Sequence-Prediction (4.5-PRE)
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Mailer: Opera 6.0 build 1010
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

03/01/2002 20:59:35, Matthias Schuendehuette <msch@snafu.de> wrote:

>Hello,
>
>my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it 
>complained about TCP Sequence Prediction:
>
>'The TCP sequence was found to be predictable.'
>
>I was advised to install FreeBSD 4.1.1-STABLE after 2000-09-28 or later 
>:-) as listed in FreBSD-SA-00:52.
>
>I looked at the published Patch in FreBSD-SA-00:52 but couldn't find 
>the Sourcecode Sequence to be patched any more (I wasn't wondering).
>
>But so, what shall I do, who's to blame? Is the ISS lying? Is there any 
>advice from the FreeBSD Security Officer or the developers how to 
>proceed further?

If you've CVSup'd within the last 3 weeks (I suspect you must have done to 
have 4.5-PRE ;p), you should have:

 * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.23 2001/12/14 20:21:12 
jlemon Exp $

which appears now to have all the code for ISN generation (start looking at 
line 1112 - does playing with the two sysctl's mentioned make any difference 
to what ISS says? Looks like the isn_reseed_interval is only used if 
strict_rfc1948 is not set)

Matthew



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message