Date: Wed, 22 May 1996 12:25:08 -0400 (EDT)
From: "Charles C. Figueiredo" <marxx@apocalypse.superlink.net>
To: Paul Traina <pst@Shockwave.COM>
Cc: Garrett Wollman <wollman@lcs.mit.edu>, Poul-Henning Kamp <phk@critter.tfs.com>, current@FreeBSD.ORG, blh@nol.net
Subject: Re: freebsd + synfloods + ip spoofing
Message-ID: <Pine.BSF.3.91.960522122204.3698A-100000@apocalypse.superlink.net>
In-Reply-To: <199605221607.JAA04887@precipice.shockwave.com>

On Wed, 22 May 1996, Paul Traina wrote:

> Garret,
>
> Brett is absolutely correct.
>
> I just looked at what was done for tcp_iss.  If tcp_init is not called on
> every connection (it's not), then the whole design of the ISS randomization
> looks wrong to me.
> We're making tcp_iss random in tcp_init.c, but then manipulating it in
> totally predictable ways.  This is not random at all.  The ISS needs to
> be randomized on a PER tcp connection attempt.  I realize that violates
> RFC 793, but it has to be done.
>
> Paul

You may be right, but other implementations don't randomize on every
connection either. FreeBSD, at the moment, just has what other
implementations have wrong.
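
The design point argued in the thread above, as an added example that is not part of the original message or of the FreeBSD source: an ISS randomized once at init and then advanced by a fixed step is fully determined by two observed values, while a per-connection value is not. ISS_STEP, all function names and the xorshift32 stand-in for a real random source are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ISS_STEP 64000u          /* constructed per-connection increment (assumption) */

static uint32_t global_iss;      /* models a single global counter like tcp_iss */
static uint32_t prng_state = 1;  /* stand-in state; a kernel would use its entropy source */

/* Reproducible stand-in (xorshift32) for a real random source; not cryptographic. */
static uint32_t entropy32(void) {
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 17;
    prng_state ^= prng_state << 5;
    return prng_state;
}

/* Scheme A: randomized once at init, then advanced by a fixed step per connection. */
void iss_init_once(void) { global_iss = entropy32(); }
uint32_t iss_global_step(void) { global_iss += ISS_STEP; return global_iss; }

/* Scheme B: a fresh value for every connection attempt. */
uint32_t iss_per_connection(void) { return entropy32(); }

/* Fill out[] with the ISS of n successive connections from the given scheme. */
void iss_collect(uint32_t (*next)(void), uint32_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = next();
}

/* Audit check: returns 1 when every ISS is the previous one plus the same
 * delta (mod 2^32), so two observed values determine all later ones. */
int iss_is_predictable(const uint32_t *iss, size_t n) {
    if (n < 3) return 0;                       /* need two deltas to compare */
    uint32_t delta = iss[1] - iss[0];          /* unsigned math wraps mod 2^32 */
    for (size_t i = 2; i < n; i++)
        if ((uint32_t)(iss[i] - iss[i - 1]) != delta) return 0;
    return 1;
}

int main(void) {
    uint32_t a[8], b[8];
    iss_init_once();
    iss_collect(iss_global_step, a, 8);
    iss_collect(iss_per_connection, b, 8);
    printf("global+step predictable: %d\n", iss_is_predictable(a, 8));
    printf("per-connection predictable: %d\n", iss_is_predictable(b, 8));
    return 0;
}
```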