Date: Fri, 6 Oct 2000 23:09:30 +0200 (IST) From: Roman Shterenzon <roman@xpert.com> To: Alfred Perlstein <bright@wintelcom.net> Cc: security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) Message-ID: <Pine.LNX.4.10.10010062304060.464-100000@jamus.xpert.com> In-Reply-To: <20001006135157.G266@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 6 Oct 2000, Alfred Perlstein wrote: > * Roman Shterenzon <roman@xpert.com> [001006 13:50] wrote: > > It's great to see 2.2.8 patched ! > > Any idea about the solaris implementation of rfc1948 ? > > Can this be done in FreeBSD? > > I don't have time to look that up, what is it? SACK? > > If it is afaik someone is already working on it. RFC1948 - Defending Against Sequence Number Attacks Solaris has "sysctl" alike interface (ndd) for those; # TCP_STRONG_ISS sets the TCP initial sequence number generation parameters. # Set TCP_STRONG_ISS to be: # 0 = Old-fashioned sequential initial sequence number generation. # 1 = Improved sequential generation, with random variance in increment. # 2 = RFC 1948 sequence number generation, unique-per-connection-ID. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10010062304060.464-100000>