Subject: Re: CERT Advisory / Statistical Weaknesses in TCP/IP Initial Sequence
To: David Brownlee <abs@formula1.com>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-security
Date: 05/03/2001 08:50:21

On Thu, May 03, 2001 at 11:34:52AM +0100, David Brownlee wrote:
> CERT has an advisory which does not mention NetBSD at all:
> http://www.cert.org/advisories/CA-2001-09.html
>
> The best values came from OpenBSD:
> "The OpenBSD TCP/IP sequence number generator has recently
> been rewritten by Niels Provos. New code is available, but
> had not been included in any official release as of this
> writing. According to Theo de Raadt, the code was finished
> in December, and is supposed to be shipped with OpenBSD
> 2.9 in late May."
>
> Has anyone looked at the OpenBSD code?

Looked at it -- could be interesting, but I'd want to get some other
opinions on it, first.
--
-- Jason R. Thorpe <thorpej@zembu.com>