From nobody@FreeBSD.ORG  Mon Oct  9 05:32:09 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 224F337B66C; Mon,  9 Oct 2000 05:32:09 -0700 (PDT)
Message-Id: <20001009123209.224F337B66C@hub.freebsd.org>
Date: Mon,  9 Oct 2000 05:32:09 -0700 (PDT)
From: jau@iki.fi
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: The fix to TCP_ISSINCR after the bugtraq error report could still be enhanced.
X-Send-Pr-Version: www-1.0

>Number:         21860
>Category:       kern
>Synopsis:       The fix to TCP_ISSINCR after the bugtraq error report could still be enhanced.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 09 05:40:01 PDT 2000
>Closed-Date:    Sat Nov 10 17:14:37 PST 2001
>Last-Modified:  Sat Nov 10 17:16:00 PST 2001
>Originator:     Jukka A. Ukkonen
>Release:        3.5.1
>Organization:
SysOpen Plc. / Finland
>Environment:
FreeBSD mjolnir.thunderbolt.fi 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE #1: Sun Oct  8 20:16:47 EET DST 2000     jau@mjolnir.thunderbolt.fi:/usr/src/sys/compile/Mjolnir  i386

>Description:
The TCP sequence number increment used to be counted like
this

#ifndef tcp_random18
#define tcp_random18()  (random() & 0x3ffff)
#endif

#define      TCP_ISSINCR     (122*1024 + tcp_random18())

which was then changed such that random became arc4random.
This is anyhow inferior to making the whole thing entirely
random as in

#define      TCP_ISSINCR     (arc4random())


>How-To-Repeat:

Try each of the alternative methods with nmap.


>Fix:
#define      TCP_ISSINCR     (arc4random())


>Release-Note:
>Audit-Trail:

From: jau@iki.fi
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: kern/21860 should have better priority
Date: Tue, 17 Oct 2000 03:39:22 -0700 (PDT)

 >Submitter-Id:	net
 >Originator:	Jukka A. Ukkonen
 >Organization:	Private Person
 >Confidential:	no
 >Synopsis:	kern/21860 should have better priority
 >Severity:	critical
 >Priority:	high
 >Category:	kern
 >Class:		sw-bug
 >Release:	3.5.1
 >Environment:	
 >Description:
 I made a typo while reporting kern/21860.
 I should have given it better priority,
 because the fix is so simple and obvious,
 and the effect on system's ability to tolerate
 sequence number guessing is greatly improved
 making FreeBSD even better platform for network
 server applications.
 My classifying this as a sw-bug instead of simply
 change-request is a bit provocative, but I guess
 the change is so obvious that it is almost a bug
 (or better maybe a minor design flaw) that ISSINCR
 has not been done the way I propose already by now.
 
 >How-To-Repeat:
 See the details in kern/21860.
 >Fix:
 See the details in kern/21860.
 
State-Changed-From-To: open->closed 
State-Changed-By: bmah 
State-Changed-When: Sat Nov 10 17:14:37 PST 2001 
State-Changed-Why:  
More recent versions of FreeBSD now use a version of the algorithm 
from RFC 1948 for setting TCP ISNs. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21860 
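
The closing note refers to RFC 1948, which sets ISN = M + F(localhost, localport, remotehost, remoteport) with a secret mixed into F, instead of adding a bounded increment to one global counter. The sketch below is an added illustration of that construction, not FreeBSD's code: RFC 1948 suggests MD5 for F, and this example substitutes SipHash-2-4 as the keyed hash; the function names, the demo key and the sample addresses are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); \
} while (0)

/* SipHash-2-4 (stand-in for RFC 1948's F) over the 12-byte connection id:
 * one full 64-bit word (both addresses) plus a final word with ports and length. */
static uint64_t tuple_hash(const uint64_t key[2], uint32_t laddr, uint32_t faddr,
                           uint16_t lport, uint16_t fport)
{
    uint64_t v0 = key[0] ^ 0x736f6d6570736575ULL;
    uint64_t v1 = key[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = key[0] ^ 0x6c7967656e657261ULL;
    uint64_t v3 = key[1] ^ 0x7465646279746573ULL;
    uint64_t m = ((uint64_t)faddr << 32) | laddr;
    uint64_t b = (12ULL << 56) | ((uint64_t)fport << 16) | lport;

    v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* ISN = M + F(tuple, secret); M is a timer that ticks every 4 microseconds,
 * so one connection's sequence space still advances monotonically. */
uint32_t rfc1948_isn(const uint64_t key[2], uint64_t usec, uint32_t laddr,
                     uint16_t lport, uint32_t faddr, uint16_t fport)
{
    return (uint32_t)(usec / 4) + (uint32_t)tuple_hash(key, laddr, faddr, lport, fport);
}

int main(void)
{
    /* Constructed demo key and documentation addresses (192.0.2.1, 198.51.100.7). */
    const uint64_t key[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };
    uint32_t a = rfc1948_isn(key, 1000000, 0xc0000201, 80, 0xc6336407, 40000);
    uint32_t b = rfc1948_isn(key, 1000400, 0xc0000201, 80, 0xc6336407, 40000);
    uint32_t c = rfc1948_isn(key, 1000400, 0xc0000201, 80, 0xc6336407, 40001);
    printf("same tuple, +400 us: delta = %u\n", (unsigned)(b - a));
    printf("next remote port:    delta = %u\n", (unsigned)(c - b));
    return 0;
}
```

For one 4-tuple the ISN advances only with the timer, while a peer on a different address or port sees an offset it cannot relate to its own without the key; a real stack would draw the key from the kernel random source at boot.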
>Unformatted:
