- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: nddconf More random tcp sequence tcp_isn_pass...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-22-2008 01:12 AM
12-22-2008 01:12 AM
I want to set tcp_isn_passphrase parameter value to 0 for tcp.
I am using ndd -set /dev/tcp tcp_isn_passphrase 0
command to set it to 0.
But this value is not reflected in nddconf file.
When I manually chenged NDD_VALUE[5]=0,
and run following command
ndd -get /dev/tcp tcp_isn_passphrase
it give result 1.
i want to know , do i need to reboot the machine to get values reflected in nddconf file ,
or there is any other to achieve the same .
Thanks in advance .
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-22-2008 03:53 AM
12-22-2008 03:53 AM
Solutionwhen you do ndd -set /dev/tcp tcp_isn_passphrase 0
it set a isn passphrase to the string "0".
Once enabled there is no way to disable tcp_isn_passphrase,
so when you do ndd -get /dev/tcp tcp_isn_passphrase
it answeres 1 which means that tcp_isn_passphrase had been set.
- it never shows the value for security considerations-
So even if you reboot , and with tcp_isn_passphrase set to 0 in nddconf,
ndd -get /dev/tcp tcp_isn_passphrase will always return 1
To disable tcp_isn_passphrase, you need to remove it from nddconf and reboot.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-22-2008 04:02 AM
12-22-2008 04:02 AM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
change the value manually in the nddconf file. Doing it on the fly as you did, does not change nddconf
Use the same format as other parameters.
Reboot is not required.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-22-2008 10:47 PM
12-22-2008 10:47 PM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 10:17 AM
01-06-2009 10:17 AM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 09:34 PM
01-06-2009 09:34 PM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2009 12:46 AM
01-07-2009 12:46 AM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2009 01:10 AM
01-07-2009 01:10 AM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
No no, I want to check if tcp_isn_passphrase is set or not.
I didn't know how to set and unset the value
tcp_isn_passphrase.
Actually , the result of
ndd -get /dev/tcp tcp_isn_passphrase is 1 thet means it is set to some value. Not necessary to ZERO 0.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2009 02:01 AM
01-07-2009 02:01 AM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
ndd -get /dev/tcp tcp_isn_passphrase
1 -> means is set whatever value it is and
can't be reset
ndd -get /dev/tcp tcp_isn_passphrase
0 -> means is not set
as soon as a ndd -set /dev/tcp tcp_isn_passphrase anything
is made, it sets the passphrase to "anything"
and there is not way to reset it
so ndd -get /dev/tcp tcp_isn_passphrase will answer 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2009 02:23 AM
01-07-2009 02:23 AM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2009 02:52 AM
01-07-2009 02:52 AM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
I have a question , is this the default configuration (tcp_isn_passphrase with some value) or we have to do it manually after installation.
How the value is used to generate random nombers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2009 03:07 AM
01-07-2009 03:07 AM
			
				
					
						
							Re: nddconf  More random tcp sequence tcp_isn_passphrase
						
					
					
				
			
		
	
			
	
	
	
	
	
> configuration (tcp_isn_passphrase with some
> value) or we have to do it manually after
> installation.
by default tcp_isn_passphrase is not enabled.
As soon as you enter a line with tcp_isn_passphrase param in nddconf, then it is enabled.
> How the value is used to generate random
> nombers.
For security reason this can't be explained.
It hashes it with some other none deterministic values of the kernel to obtain a random seed
