Date: Thu, 30 Jan 1997 19:46:37 -0800
From: David Greenman <dg@root.com>
To: "That Doug Guy" <tiller@connectnet.com>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, "freebsd-isp@freebsd.org" <freebsd-isp@freebsd.org>
Subject: Re: 2.2+ and sequence number guessing
Message-ID: <199701310346.TAA27603@root.com>
In-Reply-To: Your message of "Thu, 30 Jan 1997 15:40:11 PST." <199701302341.PAA18857@smtp.connectnet.com>

> I have been doing some research on the security of various *nix's,
>and found some very interesting discussion in the mail archives regarding
>the security of freebsd vs. a sequence number guessing IP spoof attack.
>Without rehashing what seemed to be a rather heated discussion last spring,
>I am wondering if someone could fill me in on any changes, improvements,
>etc. that have been made in 2.2 regarding this problem. Also, if someone
>could highlight the changes regarding security against syn flooding
>promised in 2.2, it would help. Of course, if this information is already
>available on line, a pointer to it would be appreciated.

There were changes made that made the initial sequence number more random.
See rev 1.29 of tcp_input.c. The random drop syn-flood protection was
implemented. See rev 1.52 of tcp_input.c.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project