12-16-2017 06:02 AM
Hi Guys,
Can someone help? I need to perform the following script to use more random TCP sequence numbers upon system startup. Can you advise, based on the script below, what I should do?
Create/open the file /sbin/rc2.d/S999tcpisn ( This file cannot be found on my system )
Add the following line
ndd -set /dev/tcp tcp_idn_passprase=<random string>
Kindly help
Regards
Vincent
12-16-2017 07:16 AM
Re: how to generate initial TCP sequence numbers that comply with RFC1948
> [...] I need to perform the following script [...]
Says who? How did you determine this?
> Create/open the file /sbin/rc2.d/S999tcpisn ( This file cannot be
> found on my system )
What is "my system"?
uname -a
Perhaps this file is missing because it's part of a software package
(patch?) which has not been installed.
12-18-2017 08:32 PM
Solution
This idea is part of a larger document from CIS:
https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf?x60581
The S999tcpisn is a somewhat arbitrary name for a new rc script with 1 line (the ndd line).
It simply adds a seed value for the TCP sequence numbering.
NOTE:
The ndd name is NOT tcp_idn_passphrase, it is tcp_isn_passphrase
(hint: ndd -h supported | grep passphrase)
However, the example fails to complete the script with an actual random value.
The following commands will accomplish the task:
# echo "ndd -set /dev/tcp tcp_isn_passphrase $RANDOM$RANDOM" > /sbin/rc2.d/S999tcpisn
# chmod 755 /sbin/rc2.d/S999tcpisn
Now each time you reboot, the sequence number generator for TCP will start at a new location.
Bill Hassell, sysadmin
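
An added example, not part of the thread or of the CIS benchmark: a variant of the rc script that draws a fresh 128-bit passphrase at every boot. Inside double quotes, `$RANDOM$RANDOM` is expanded once, when `echo` writes the file, and each `$RANDOM` is at most 15 bits. The function name `write_isn_rc`, the availability of `/dev/urandom`, and the `start_msg`/`start` arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: /dev/urandom exists on the
# host, and the rc framework calls the script with "start_msg" and "start".

# write_isn_rc PATH: create an rc script that picks a fresh 128-bit
# passphrase on every boot and hands it to ndd.
write_isn_rc() {
    rc_path=$1
    # Quoted delimiter ('EOF'): nothing below is expanded now. With
    # echo "... $RANDOM$RANDOM" the shell expands the value once, when the
    # file is written, and the same digits are reused on every boot.
    cat > "$rc_path" <<'EOF'
#!/sbin/sh
# Set the secret used for RFC 1948 initial sequence number generation.
case "$1" in
start_msg)
    echo "Set TCP ISN passphrase"
    ;;
start)
    # 16 bytes from the kernel RNG, printed as 32 hex characters.
    pass=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null |
           od -An -tx1 | tr -d ' \n')
    if [ ${#pass} -ne 32 ]; then
        echo "tcpisn: could not read /dev/urandom" >&2
        exit 1
    fi
    ndd -set /dev/tcp tcp_isn_passphrase "$pass"
    ;;
esac
exit 0
EOF
    chmod 755 "$rc_path"
}

# Usage (as root): write_isn_rc /sbin/rc2.d/S999tcpisn
```

Because the passphrase is generated at boot and never stored in the file, the 755 mode does not expose it to local users.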