Date: Mon, 9 Oct 2000 05:32:09 -0700 (PDT) From: jau@iki.fi To: freebsd-gnats-submit@FreeBSD.org Subject: kern/21860: The fix to TCP_ISSINCR after the bugtraq error report could still be enhanced. Message-ID: <20001009123209.224F337B66C@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 21860 >Category: kern >Synopsis: The fix to TCP_ISSINCR after the bugtraq error report could still be enhanced. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Oct 09 05:40:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Jukka A. Ukkonen >Release: 3.5.1 >Organization: SysOpen Plc. / Finland >Environment: FreeBSD mjolnir.thunderbolt.fi 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE #1: Sun Oct 8 20:16:47 EET DST 2000 jau@mjolnir.thunderbolt.fi:/usr/src/sys/compile/Mjolnir i386 >Description: The TCP sequence number increment used to be counted like this #ifndef tcp_random18 #define tcp_random18() (random() & 0x3ffff) #endif #define TCP_ISSINCR (122*1024 + tcp_random18()) which was then changed such that random became arc4random. This in anyhow inferior to making the whole thing entirely random as in #define TCP_ISSINCR (arc4random()) >How-To-Repeat: Try each of the alternative methods with nmap. >Fix: #define TCP_ISSINCR (arc4random()) >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001009123209.224F337B66C>