ISN number prediction ?

2001-05-05 Thread Lauri Laupmaa


Hi
As this analysis http://razor.bindview.com/publish/papers/tcpseq.html
points out FreeBSD 4 ISN number generation 'is not impressive' It seems
to be considerably weaker than linux-2.2's...
Any comments about this ?
--
L.
Do you have a minute?



Re: ISN number prediction ?

2001-05-05 Thread Kris Kennaway

On Sun, May 06, 2001 at 12:10:41AM +0300, Lauri Laupmaa wrote:
> Hi
>
> As this analysis http://razor.bindview.com/publish/papers/tcpseq.html
> points out FreeBSD 4 ISN number generation 'is not impressive' It seems
> to be considerably weaker than linux-2.2's...
>
> Any comments about this ?

Read the advisory we already released about this.

Kris



Re: ISN number prediction ?

2001-05-05 Thread Chris Faulhaber

On Sun, May 06, 2001 at 12:10:41AM +0300, Lauri Laupmaa wrote:
> Hi
>
> As this analysis http://razor.bindview.com/publish/papers/tcpseq.html
> points out FreeBSD 4 ISN number generation 'is not impressive' It seems
> to be considerably weaker than linux-2.2's...
>
> Any comments about this ?
 

Perhaps you missed the recent FreeBSD security advisory:

http://docs.FreeBSD.org/cgi/getmsg.cgi?fetch=0+0+current/freebsd-security-notifications

and the CERT advisory:

http://www.cert.org/advisories/CA-2001-09.html

which explain that this has been corrected...

-- 
Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED]

FreeBSD: The Power To Serve   -   http://www.FreeBSD.org



Re: ISN number prediction ?

2001-05-05 Thread Stephen Montgomery-Smith

Lauri Laupmaa wrote:
 
> Hi
>
> As this analysis http://razor.bindview.com/publish/papers/tcpseq.html points
> out FreeBSD 4 ISN number generation 'is not impressive' It seems to be
> considerably weaker than linux-2.2's...
 

I remember that if you run the program nmap on your server with the
right flags, that it will give its opinion on how good this is.
But I don't remember the right sequence of flags to do this - anyone
care to help me?

-- 
Stephen Montgomery-Smith
[EMAIL PROTECTED]
http://www.math.missouri.edu/~stephen

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-stable in the body of the message



RE: ISN number prediction ?

2001-05-05 Thread Juha Saarinen

:: I remember that if you run the program nmap on your server with the
:: right flags, that it will give its opinion on how good this is.
:: But I don't remember the right sequence of flags to do this - anyone
:: care to help me?

-O




Re: ISN number prediction ?

2001-05-05 Thread Stephen Montgomery-Smith

Juha Saarinen wrote:
 
> :: I remember that if you run the program nmap on your server with the
> :: right flags, that it will give its opinion on how good this is.
> :: But I don't remember the right sequence of flags to do this - anyone
> :: care to help me?
>
> -O

I that was what it was, but it doesn't seem to be working now.
Maybe it needs to know what the OS is in order to figure this out.  
When I run nmap I get

No exact OS matches for host .

suggesting that nmap cannot figure out any more that it is FreeBSD
(probably because of the new TCP software in the kernel).




-- 
Stephen Montgomery-Smith
[EMAIL PROTECTED]
http://www.math.missouri.edu/~stephen




Re: ISN number prediction ?

2001-05-05 Thread Kris Kennaway

On Sat, May 05, 2001 at 05:27:22PM -0500, Stephen Montgomery-Smith wrote:
> Lauri Laupmaa wrote:
>>
>> Hi
>>
>> As this analysis http://razor.bindview.com/publish/papers/tcpseq.html points
>> out FreeBSD 4 ISN number generation 'is not impressive' It seems to be
>> considerably weaker than linux-2.2's...
>>
>
> I remember that if you run the program nmap on your server with the
> right flags, that it will give its opinion on how good this is.
> But I don't remember the right sequence of flags to do this - anyone
> care to help me?

Please remember that this is a complicated issue which can't be easily
quantified with a single number; nmap can be used as a guide to
sequence number predictability, but it's not the whole story.

Kris



Re: ISN number prediction ?

2001-05-05 Thread Jason DiCioccio

perhaps -v in combo with the -O?

for example: nmap -sT -v -O -F ip

?

- Original Message - 
From: Stephen Montgomery-Smith [EMAIL PROTECTED]
To: Juha Saarinen [EMAIL PROTECTED]
Cc: Lauri Laupmaa [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, May 05, 2001 3:43 PM
Subject: Re: ISN number prediction ?


> Juha Saarinen wrote:
>>
>> :: I remember that if you run the program nmap on your server with the
>> :: right flags, that it will give its opinion on how good this is.
>> :: But I don't remember the right sequence of flags to do this - anyone
>> :: care to help me?
>>
>> -O
>
> I that was what it was, but it doesn't seem to be working now.
> Maybe it needs to know what the OS is in order to figure this out.
> When I run nmap I get
>
> No exact OS matches for host .
>
> suggesting that nmap cannot figure out any more that it is FreeBSD
> (probably because of the new TCP software in the kernel).
>
> --
> Stephen Montgomery-Smith
> [EMAIL PROTECTED]
> http://www.math.missouri.edu/~stephen
 



RE: ISN number prediction ?

2001-05-05 Thread Juha Saarinen

:: I that was what it was, but it doesn't seem to be working now.
:: Maybe it needs to know what the OS is in order to figure this out.
:: When I run nmap I get
::
:: No exact OS matches for host .
::
:: suggesting that nmap cannot figure out any more that it is FreeBSD
:: (probably because of the new TCP software in the kernel).

Same here (against a 4.2-STABLE box):

TCP Sequence Prediction: Class=random positive increments
 Difficulty=38177 (Worthy challenge)
No OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=RI%gcd=1%SI=7E12)
TSeq(Class=RI%gcd=1%SI=3CF6)
TSeq(Class=RI%gcd=1%SI=9521)
T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)

(NMAP 2.53)

-- Juha
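
Added example (not part of the original thread or written by any of the posters): a small Python parser for the `TSeq(...)` fingerprint lines in the nmap 2.53 output quoted above. It decodes each trial's `SI` value and compares it with the reported `Difficulty`, assuming the `gcd` and `SI` fields are hexadecimal, which the quoted output supports since 0x9521 is 38177.

```python
import re

# Lines copied from the nmap 2.53 output quoted in the message above.
NMAP_OUTPUT = """\
TCP Sequence Prediction: Class=random positive increments
 Difficulty=38177 (Worthy challenge)
TSeq(Class=RI%gcd=1%SI=7E12)
TSeq(Class=RI%gcd=1%SI=3CF6)
TSeq(Class=RI%gcd=1%SI=9521)
"""

TSEQ_RE = re.compile(r"^TSeq\((?P<body>[^)]*)\)\s*$")
DIFFICULTY_RE = re.compile(r"Difficulty=(\d+)")


def parse_tseq(text):
    """Return one dict per TSeq(...) line, with gcd and SI decoded from hex."""
    trials = []
    for line in text.splitlines():
        m = TSEQ_RE.match(line.strip())
        if not m:
            continue
        # Fields are separated by '%' and written as key=value.
        pairs = (kv.split("=", 1) for kv in m.group("body").split("%") if "=" in kv)
        fields = dict(pairs)
        trials.append({
            "class": fields.get("Class"),
            # Assumption: numeric fields are hexadecimal.
            "gcd": int(fields["gcd"], 16) if "gcd" in fields else None,
            "si": int(fields["SI"], 16) if "SI" in fields else None,
        })
    return trials


def summarize(text):
    """Compare the per-trial SI values with the single Difficulty figure."""
    si = [t["si"] for t in parse_tseq(text) if t["si"] is not None]
    m = DIFFICULTY_RE.search(text)
    difficulty = int(m.group(1)) if m else None
    return {
        "si_values": si,
        "difficulty": difficulty,
        "difficulty_is_a_trial": difficulty in si,
        # Ratio of the largest to the smallest SI seen across trials.
        "spread": round(max(si) / min(si), 2) if si else None,
    }


if __name__ == "__main__":
    print(summarize(NMAP_OUTPUT))
```

The three trials against the same host decode to 32274, 15606 and 38177, and the printed Difficulty matches only the last of them.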

