On 2018-Jan-12 12:33:21 +0530, Brahmanand Reddy <brahma....@gmail.com> wrote:
>TCP uses weak initial sequence numbers
>https://www.freebsd.org/security/advisories/FreeBSD-SA-00%3A52.tcp-iss.asc

As has been pointed out to you several times in this thread, that SA is
nearly 20 years old and there is no evidence that TCP on any recent
FreeBSD uses weak ISNs.

>actually "arc4random()" will take care on
>https://github.com/freebsd/freebsd/blob/master/sys/netinet/tcp_subr.c#L2374

Without studying the code in detail, that code appears to correctly use
arc4random() to initialise the ISN - which is as expected.

> I suspect 10.4 already has the fix... but I didn't find on exactly
>which this problem from https://www.freebsd.org/security/patches/

Well, the original patch is
https://www.freebsd.org/security/patches/SA-00%3A52/
and was committed as what is now
https://svnweb.freebsd.org/base?view=revision&revision=66433

Since that patch is integrated into the FreeBSD codebase, there's no need
to update the contents of
https://www.freebsd.org/security/patches/SA-00%3A52/
and it is not relevant to the current codebase.

> I would like expecting where is the fix in 10.4 kernel.

That code was re-written in r82122, retaining the use of arc4random() for
ISN initialisation. As a result, it's no longer possible to point at
specific code and say "that code fixes weak TCP ISNs".

--
Peter Jeremy