tcp sequence prediction on HP-UX 10.20

Nivesh Patnaik
Frequent Advisor

I had one of our HP-UX 10.20 servers scanned, and the result was that the TCP sequence is predictable. There was a reference to apply a patch for HP-UX 9.0. Is there a patch for 10.20?

While searching the forum, I found one thread that recommends putting a script under /sbin/init.d/ that runs the nettune command with a couple of parameters.

Is there a standard HP remedy for this on 10.20?
I gave him his drink as usual. Some men can't hold their arsenic.
4 REPLIES
Mike Hassell
Respected Contributor
Solution

Re: tcp sequence prediction on HP-UX 10.20

Nivesh,

I'm not aware of a patch for defending against this predictability, however there are two methods that I've heard of.

1. Use of an init script that will alter parameters enough to throw it off a bit.

2. Using nettune on 10.20 and ndd on 11.x to fix this, for example:

# randomize TCP initial sequence numbers
/usr/contrib/bin/nettune -s tcp_random_seq 2
# enable SYN flood protection
/usr/contrib/bin/nettune -s hp_syn_protect 1
# do not forward IP packets between interfaces (general hardening, not ISN related)
/usr/contrib/bin/nettune -s ip_forwarding 0

Hope that helps.

-Mike
The network is the computer, yeah I stole it from Sun, so what?
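An added example, not code from the thread or from HP: the init script that Mike's first method refers to, in the /sbin/init.d style (start_msg/stop_msg/start/stop actions) and applying the three nettune settings from his second method at every boot, since values set with nettune do not survive a reboot. The script name /sbin/init.d/nettune_hardening, the rc2.d sequence number S340 and the NETTUNE override variable are assumptions. It deliberately keeps going when one parameter is rejected, which is what happens when hp_syn_protect is not defined on an unpatched 10.20 system, so the ISN randomization is still applied.

```shell
#!/usr/bin/sh
# /sbin/init.d/nettune_hardening  (assumed name; added example, not HP's script)
# Link as /sbin/rc2.d/S340nettune_hardening so it runs after networking is up
# (the sequence number is an assumption; any number after the LAN start works).

PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# nettune lives in /usr/contrib/bin on HP-UX 10.20. The variable can be
# overridden so the script can be exercised with a stub on another host.
NETTUNE=${NETTUNE:-/usr/contrib/bin/nettune}

# Apply each "parameter value" pair passed as arguments.
# A parameter nettune rejects (for example hp_syn_protect on a system that
# lacks the patch defining it) is reported and skipped; the remaining
# parameters are still applied. Returns the number of parameters not set.
apply_tunables() {
    failures=0
    while [ $# -ge 2 ]; do
        name=$1
        value=$2
        shift 2
        if "$NETTUNE" -s "$name" "$value" >/dev/null 2>&1; then
            echo "nettune: set $name = $value"
        else
            echo "nettune: FAILED to set $name (parameter not defined? patch missing?)" >&2
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# The settings from the thread: randomize TCP initial sequence numbers,
# turn on SYN flood protection, and stop the host forwarding IP packets.
harden_network() {
    apply_tunables \
        tcp_random_seq 2 \
        hp_syn_protect 1 \
        ip_forwarding 0
}

case "$1" in
    start_msg) echo "Applying nettune hardening settings" ;;
    stop_msg)  echo "Nothing to undo for nettune hardening" ;;
    start)     harden_network ;;
    stop)      exit 0 ;;
    *)         ;;   # no action given (e.g. sourced): do nothing
esac
```

The exit status of the start action is the number of tunables that could not be set, so a non-zero status in the boot log points straight at a missing patch rather than at a script failure.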
Huiqi Liu
Occasional Advisor

Re: tcp sequence prediction on HP-UX 10.20

I don't seem to have the hp_syn_protect defined. How do I add a definition for nettune?

Thanks!

Huiqi
Bill Hassell
Honored Contributor

Re: tcp sequence prediction on HP-UX 10.20

I vaguely remember the random sequence was a patch (very long ago). It sounds like your 10.20 system is not well patched. You can try browsing through the 10.20 patches for ndd (which will probably require additional LAN patches) or just load the last SupportPlus packages (QPK and HWE) from Dec 2001.


Bill Hassell, sysadmin
Huiqi Liu
Occasional Advisor

Re: tcp sequence prediction on HP-UX 10.20

Thanks Bill - but I'm sorry I can't seem to assign points (can't see the option)!

Huiqi