On Mon, 16 Jul 2001, Niels Provos wrote:

> In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
> >Sorry I've been ignoring this; I'm still getting caught up from my
> >vacation. Niels, how has OpenBSD handled this?
>
> Not. We have the same problem. I argue that the test is bogus.
>
> First of all, if we are getting a SYN for this 4-tuple, it is very
> likely that all segments from the old connection have left the
> network.
>
> The current code does not deal with wrap around either.

The test may be bogus, but it must be respected. Every old BSD-based
system out there has it, and we can't update every system because we no
longer like it. We should still be fine sending out randomized ISNs in
SYNACKs; it appears to be SYNs sent out by us which must be monotonic.

> On the other hand, there are already a number of operating systems
> that use randomized ISNs. Linux has been doing this for quite some
> time. As a result, we cannot rely on monotonically increasing ISNs
> anyway.

I just looked at a copy of 2.4.1, and it appears to use an RFC1948-like
algorithm. I think 2.0 was randomized, but more recent versions have
not been.

Mike "Silby" Silbersack
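
The following sketch is an added example, not part of the original message and not FreeBSD, OpenBSD or Linux code. It shows why an RFC 1948-style ISN stays monotonic per 4-tuple and why the comparison has to be wrap-safe. The receiver's test is modelled as a plain sequence comparison (an assumption), HMAC-SHA256 stands in for the hash F, and all addresses and the secret are constructed.

```python
import hashlib
import hmac
import socket
import struct

SEQ_MOD = 2 ** 32
TICKS_PER_SEC = 250_000  # RFC 793 ISN clock: one tick every 4 microseconds


def seq_gt(a, b):
    """Wrap-safe 'a comes after b' in 32-bit sequence space."""
    return 0 < (a - b) % SEQ_MOD < 2 ** 31


def rfc1948_isn(secret, laddr, lport, faddr, fport, now):
    """ISN = M + F(localhost, localport, remotehost, remoteport, secret)."""
    m = int(now * TICKS_PER_SEC) % SEQ_MOD
    tuple_bytes = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
                   socket.inet_aton(faddr) + struct.pack("!H", fport))
    # Stand-in for F: HMAC-SHA256 truncated to 32 bits (RFC 1948 suggests MD5).
    digest = hmac.new(secret, tuple_bytes, hashlib.sha256).digest()
    f = int.from_bytes(digest[:4], "big")
    return (m + f) % SEQ_MOD


def time_wait_accepts(new_syn_seq, old_seq):
    """Assumed model of the receiver's test: the new SYN must be past the old data."""
    return seq_gt(new_syn_seq, old_seq)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"               # constructed value
    conn = ("192.0.2.1", 40000, "198.51.100.7", 80)   # constructed 4-tuple
    first = rfc1948_isn(secret, *conn, now=100)
    second = rfc1948_isn(secret, *conn, now=160)      # reconnect 60 s later
    # Same 4-tuple: F is constant, so only the clock term M moves forward.
    print("reconnect accepted:", time_wait_accepts(second, first))
    # Different local port: a different F offset, unrelated to the first one.
    other = rfc1948_isn(secret, "192.0.2.1", 40001, "198.51.100.7", 80, now=100)
    print("ISNs at the same instant:", hex(first), hex(other))
    # Wrap-around: 5 follows 0xFFFFFFF0 in sequence space, but a plain '>' says no.
    print("wrap-safe:", time_wait_accepts(5, 0xFFFFFFF0), "naive:", 5 > 0xFFFFFFF0)
```

The per-tuple ordering only holds while the reconnect happens within 2^31 clock ticks, about 2.4 hours at 4 microseconds per tick.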
