Date: Sat, 05 Jan 2002 03:09:10 -0000 From: Matthew Whelan <muttley@gotadsl.co.uk> To: freebsd-security@FreeBSD.ORG, msch@snafu.de Cc: freebsd-stable@FreeBSD.ORG, Peter.Sauerland@siemens.com, iss@cert.siemens.de Subject: Re: TCP Sequence-Prediction (4.5-PRE) Message-ID: <GF97DA05OIA832C9IF3X2105PZWQOR.3c366e56@VicNBob> In-Reply-To: <E16MExc-0003MK-00@clever.eusc.inter.net>
next in thread | previous in thread | raw e-mail | index | archive | help
03/01/2002 20:59:35, Matthias Schuendehuette <msch@snafu.de> wrote: >Hello, > >my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it >complained about TCP Sequence Prediction: > >'The TCP sequence was found to be predictable.' > >I was advised to install FreeBSD 4.1.1-STABLE after 2000-09-28 or later >:-) as listed in FreBSD-SA-00:52. > >I looked at the published Patch in FreBSD-SA-00:52 but couldn't find >the Sourcecode Sequence to be patched any more (I wasn't wondering). > >But so, what shall I do, who's to blame? Is the ISS lying? Is there any >advice from the FreeBSD Security Officer or the developers how to >proceed further? If you've CVSup'd within the last 3 weeks (I suspect you must have done to have 4.5-PRE ;p), you should have: * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.23 2001/12/14 20:21:12 jlemon Exp $ which appears now to have all the code for ISN generation (start looking at line 1112 - does playing with the two sysctl's mentioned make any difference to what ISS says? Looks like the isn_reseed_interval is only used if strict_rfc1948 is not set) Matthew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?GF97DA05OIA832C9IF3X2105PZWQOR.3c366e56>