LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   TCP Sequence Prediction (https://www.linuxquestions.org/questions/linux-general-1/tcp-sequence-prediction-511013/)

introuble 12-16-2006 05:45 AM
TCP Sequence Prediction
 
Following an nmap scan against localhost, I get this:

Quote:
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IPID Sequence Generation: All zeros
This is on .. a day old Debian System. Now.. something tells me this is not a good thing security wise. I remember on the old Debian box (before the recent reinstall) a relatively high Difficulty, and the "IPID Sequence Generation" to be "Random positive increments" (or something). I also remember on a FreeBSD box that the TCP SP Difficulty was "999..."; "IPID Seq Gen:" was "Truly Random".

All in all.. how do I increase the difficulty of the tcp sequence prediction [who/what gives this difficulty?] and the "IPID Seq Generation" ?

matthewg42 12-16-2006 07:41 AM
It's down to the TCP implementation in the kernel. Not sure how to change it - maybe there is a kernel build option.

matthewg42 12-16-2006 07:43 AM
This is an interesting article on the subject: http://www.bindview.com/Services/Raz...001/tcpseq.cfm

introuble 12-16-2006 09:32 AM
Quote:
It's down to the TCP implementation in the kernel.
Then should all up-to-date Debian SID boxes display the same thing as my box?

matthewg42 12-16-2006 02:54 PM
Maybe debian has a choice of kernels, possibly where there are different settings which might affect this. I don't know enough about debian to know. I just use default kernels :) If you find out, please post here - I'd like to know.


All times are GMT -5. The time now is 09:38 PM.