On Sat, 10 Aug 2002, David Lambert wrote:

> I just upgraded my system from Linux 2.4.18 to 2.4.19 and noticed that 
> the nessus scan produced the following security hole. Reverting to the 
> 2.4.18 kernel removed this message. Does anyone have an opinion on 
> whether this is a valid concern or a false positive?

Having a quick glance with Google I am under the impression the code has 
been changed and you may need to set different parameters during 
compilation or during run-time.

More details are probably available in the kernel documentation.

>     The remote host seems to generate Initial Sequence Numbers
>     (ISN) in a weak maner which seems to solely depend
>     on the source and dest port of the TCP packets.

Hmm. Shouldn't that be MANNER instead of MANER?

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    [EMAIL PROTECTED]            http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.

-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
