[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Scanning OpenBSD with NMAP - mysterious Results ???
Joseph W. Shaw II wrote:
> TCP sequence number predictability most certainly is a measure of an
> operating system's security. The harder they are to predict, the
> better off you are from spoofing attacks. Just ask Shimomura. However,
We're talking about the randomness of the initial sequence number of a TCP
session. It has nothing to do with all other protocols and even less with the
security of the os. It just shows up the possibility of blind-spoofing. One
does not care much if cryptography is being used for the connection.
Maybe that's true, but true randomness also makes your tcp/ip stack less
reliable. OpenBSD developers have chosen a good value to make security *AND*
(More randomness makes it harder for the kernel to "collect" the packets from
the net, sorry, this is definitely not tech-speak). Fyodor has already been
informed about his misunderstanding of TCP.
1024D/DC805C44 2000-07-06 http://cran.ath.cx/~seb/publicpgpkey.asc
key fingerprint A079 88E9 3617 838D ED65 A7D1 277D D529 DC80 5C44