From owner-freebsd-security Fri Jun 6 15:32:40 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id PAA16180 for security-outgoing; Fri, 6 Jun 1997 15:32:40 -0700 (PDT)
Received: from kirk.edmweb.com (kirk.edmweb.com [204.244.190.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA16175 for ; Fri, 6 Jun 1997 15:32:37 -0700 (PDT)
Received: from bluesmoke.edmweb.com (bluesmoke.edmweb.com [204.244.190.8]) by kirk.edmweb.com (8.8.5/8.7.3) with ESMTP id PAA11640; Fri, 6 Jun 1997 15:32:03 -0700 (PDT)
Message-Id: <199706062232.PAA11640@kirk.edmweb.com>
To: Simon Shapiro
cc: Vadim Kolontsov, security@FreeBSD.ORG
Subject: Re: sequence predictability (fwd)
In-reply-to: Your message of "Fri, 06 Jun 1997 12:09:35 PDT."
Date: Fri, 06 Jun 1997 15:32:04 -0700
From: Steve
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>> How about implementing random choosing of start TCP sequence number?
>> Of course, it needs cryptographically strong random numbers generator..
>> I think it will help a lot against TCP seq.numbers predictability
>> attack.
>
> Good Idea. /dev/rand, setup properly produces very good results.

Sequence numbers should not be chosen at random. Read RFC 1948.
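
Added example, not part of the original message or of FreeBSD's code: a sketch of the scheme RFC 1948 describes, ISN = M + F(localhost, localport, remotehost, remoteport), where M is the 4-microsecond timer and F is a keyed hash (the RFC suggests MD5). The function names, the per-boot secret handling and the documentation-range addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress
import os
import struct

MASK32 = 0xFFFFFFFF
SECRET = os.urandom(16)  # assumption: per-boot secret, generated once


def timer_m(now_seconds):
    """M in RFC 1948: a 32-bit counter that ticks every 4 microseconds."""
    return int(now_seconds * 250_000) & MASK32


def isn_offset(local_ip, local_port, remote_ip, remote_port, secret=SECRET):
    """F(...): MD5 over the connection 4-tuple plus the secret, cut to 32 bits."""
    material = (
        ipaddress.ip_address(local_ip).packed
        + struct.pack("!H", local_port)
        + ipaddress.ip_address(remote_ip).packed
        + struct.pack("!H", remote_port)
        + secret
    )
    return struct.unpack("!I", hashlib.md5(material).digest()[:4])[0]


def initial_sequence_number(now_seconds, local_ip, local_port,
                            remote_ip, remote_port, secret=SECRET):
    """ISN = M + F(localhost, localport, remotehost, remoteport) mod 2**32."""
    offset = isn_offset(local_ip, local_port, remote_ip, remote_port, secret)
    return (timer_m(now_seconds) + offset) & MASK32


if __name__ == "__main__":
    # Constructed sample connections (RFC 5737 documentation addresses).
    server = ("192.0.2.1", 80)
    client_a = ("198.51.100.7", 40000)
    client_b = ("203.0.113.9", 40000)
    for t in (1000.0, 1001.0):
        # Same 4-tuple: the ISN keeps advancing with the clock, as TCP expects.
        print("A", t, initial_sequence_number(t, *server, *client_a))
        # Different peer: unrelated offset, so A's ISNs say nothing about B's.
        print("B", t, initial_sequence_number(t, *server, *client_b))
```

Each connection ID gets its own sequence space that still advances with the clock, so segments from an earlier incarnation of a connection stay distinguishable, while a host that observes its own ISNs learns nothing useful about another 4-tuple's offset.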