Post by Rui Paulo
revision 1.108
+126 -31
Two changes, designed to make us even more resilient against TCP
ISS attacks (which we already fend off quite well).
1. First-cut implementation of RFC1948, Steve Bellovin's cryptographic
hash method of generating TCP ISS values. Note, this code is experimental
and disabled by default (experimental enough that I don't export the
variable via sysctl yet, either). There are a couple of issues I'd
like to discuss with Steve, so this code should only be used by people
who really know what they're doing.
I spoke with Steve Bellovin last week about this, but I'll let him
explain what happened by his own words.
I'm not sure what the issue is. I suspect it's
http://www.cert.org/advisories/CA-2001-09.html and the paper it's based on,
http://www.thenewsh.com/~newsham/random-increments.pdf -- that identifies
some possible remaining issues with 1948 code. The problem is that
"better" fixes have the potential of breaking TCP correctness.
Anyway -- the proposal on the table isn't to make 1948 mode the default;
it's to make a sysctl available to let people who want it turn it on.
Even if you agree with the issues in that paper, the paper itself notes
that 1948 mode is much better than doing nothing.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
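The RFC 1948 scheme the commit refers to, written out as an added illustration (this is not FreeBSD's code and not code from anyone in the thread). It models the formula ISN = M + F(localhost, localport, remotehost, remoteport, secret) with M as the RFC 793 4-microsecond clock and F as MD5 truncated to 32 bits, which is the hash RFC 1948 suggests; the secret, addresses and ports are constructed sample values, and the function names are this example's own.

```python
# Added illustration of the RFC 1948 ISN scheme discussed above. Not the
# FreeBSD implementation; it models ISN = M + F(4-tuple, secret) with MD5
# as the one-way hash, as RFC 1948 suggests.
import hashlib
import ipaddress
import struct
import time

MASK32 = 0xFFFFFFFF


def clock_now():
    """M from RFC 793: a counter that advances once every 4 microseconds."""
    return (time.monotonic_ns() // 4000) & MASK32


def tuple_offset(local_ip, local_port, remote_ip, remote_port, secret):
    """F(): one-way hash of the connection 4-tuple plus a host secret,
    truncated to 32 bits. The secret is what keeps the offset unguessable
    by anyone who does not hold it."""
    data = (
        ipaddress.ip_address(local_ip).packed
        + struct.pack("!H", local_port)
        + ipaddress.ip_address(remote_ip).packed
        + struct.pack("!H", remote_port)
        + secret
    )
    return int.from_bytes(hashlib.md5(data).digest()[:4], "big")


def rfc793_isn(clock):
    """Classic clock-driven ISN: M alone. Every peer at the same tick gets
    the same value, so one observed ISN reveals the next one."""
    return clock & MASK32


def rfc1948_isn(local_ip, local_port, remote_ip, remote_port, secret, clock):
    """ISN = M + F(tuple, secret), mod 2^32. The clock still advances the
    ISN for each tuple (keeping the RFC 793 old-duplicate guarantees), but
    the per-tuple offset means an ISN seen on one connection says nothing
    about the ISN handed to a different peer."""
    offset = tuple_offset(local_ip, local_port, remote_ip, remote_port, secret)
    return (clock + offset) & MASK32


def same_tuple_drift(tuple4, secret, clock_a, clock_b):
    """How far the ISN for one 4-tuple moves between two clock values.
    Under RFC 1948 this equals the clock advance exactly: F is constant
    for the tuple, so reincarnated connections stay ordered in sequence space."""
    a = rfc1948_isn(*tuple4, secret, clock_a)
    b = rfc1948_isn(*tuple4, secret, clock_b)
    return (b - a) & MASK32


def cross_tuple_gap(tuple_observer, tuple_victim, secret, clock):
    """Gap between the ISNs two different peers receive at the same tick.
    With rfc793_isn this gap is 0; with RFC 1948 it is the difference of
    two secret-dependent offsets, which an observer cannot derive."""
    a = rfc1948_isn(*tuple_observer, secret, clock)
    b = rfc1948_isn(*tuple_victim, secret, clock)
    return (b - a) & MASK32


# Constructed sample values (not taken from the thread).
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
OBSERVER = ("192.0.2.10", 22, "198.51.100.7", 40000)
VICTIM = ("192.0.2.10", 22, "203.0.113.5", 40000)

if __name__ == "__main__":
    m = clock_now()
    print("rfc793  gap between peers at one tick:", 0)
    print("rfc1948 gap between peers at one tick:",
          cross_tuple_gap(OBSERVER, VICTIM, SECRET, m))
    print("rfc1948 same-tuple drift over 1000 ticks:",
          same_tuple_drift(VICTIM, SECRET, m, m + 1000))
```

The two helper functions make the trade-off in Bellovin's reply visible: the drift for one tuple is purely the clock, which is what keeps TCP's reuse rules intact, while the gap between tuples depends only on the secret. That is also why the secret must be unpredictable and why a host that exposes its 4-tuple offsets (for instance by reusing one secret forever) gets less from the scheme than RFC 1948 intends.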