In message <[EMAIL PROTECTED]>, Peter Jeremy writes:
> On 2000-Feb-09 20:27:08 +1100, Omachonu Ogali <[EMAIL PROTECTED]> wrote:
> >I don't know if anyone else attempted, but I whipped up a little patch for
> >FreeBSD that randomizes the sequence/acknowledgment numbers sent by TCP
> >instead of incrementing it by one each time. Apply using 'patch'.
>
> Note that the patch is using libkern/random(). This function is a
> simple, multiplicative PRNG with 32 bits of state (all of which is
> `leaked' via its return value). Whilst the change might be better than
> a simple increment/decrement, I don't believe it provides any real
> security (especially in view of the %=2 operations).
I never saw the original posting to this; let me suggest that folks read RFC
1948 before doing sequence number randomization.
--Steve Bellovin
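
The two points raised in this thread, as an added example that is not part of either message or of the FreeBSD patch: a generator whose return value is its whole state, next to the RFC 1948 construction ISN = M + F(localhost, localport, remotehost, remoteport) with F keyed by secret data. The multiplier, modulus, secret, addresses and function names are constructed for illustration, and the generator is a stand-in, not FreeBSD's libkern code.

```python
import hashlib
import socket
import struct

MASK32 = 0xFFFFFFFF


def leaky_next(state):
    # Constructed stand-in (not FreeBSD's code): a multiplicative generator
    # whose return value is its entire state, so one observed output
    # determines every later one.
    return (16807 * state) % 0x7FFFFFFF


def rfc1948_offset(secret, laddr, lport, raddr, rport):
    # F(localhost, localport, remotehost, remoteport) keyed with secret data,
    # using MD5 as RFC 1948 suggests, truncated to 32 bits.
    material = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
                socket.inet_aton(raddr) + struct.pack("!H", rport) + secret)
    return struct.unpack("!I", hashlib.md5(material).digest()[:4])[0]


def rfc1948_isn(secret, laddr, lport, raddr, rport, usec):
    # ISN = M + F, where M is a timer that ticks once every 4 microseconds.
    # Within one connection tuple the ISN still advances with the clock;
    # across tuples the offsets are unrelated without the secret.
    m = (usec // 4) & MASK32
    return (m + rfc1948_offset(secret, laddr, lport, raddr, rport)) & MASK32


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    secret = b"constructed-boot-secret"
    observed = leaky_next(12345)
    print("leaky generator: observed %d, next must be %d"
          % (observed, leaky_next(observed)))
    for rport in (40000, 40001):
        isn = rfc1948_isn(secret, "192.0.2.1", 80, "198.51.100.7",
                          rport, 1_000_000)
        print("remote port %d -> ISN %#010x" % (rport, isn))
```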