TCP/IP Sequence Number Analysis - One Year Later
09-11-2002 09:02 AM
http://lcamtuf.coredump.cx/newtcp/
According to the study, HP actually got a little worse with their fix.
How many people here have the patch (PHNE_26771) installed, and how many do not?
--
Mark
09-11-2002 09:11 AM
Re: TCP/IP Sequence Number Analysis - One Year Later
I don't have it.
Pete
09-11-2002 11:03 AM
Re: TCP/IP Sequence Number Analysis - One Year Later
09-12-2002 03:53 AM
Re: TCP/IP Sequence Number Analysis - One Year Later
Not installed
09-12-2002 04:01 AM
Re: TCP/IP Sequence Number Analysis - One Year Later
09-12-2002 04:30 AM
Re: TCP/IP Sequence Number Analysis - One Year Later
Another NO
Paula
09-12-2002 04:47 AM
Re: TCP/IP Sequence Number Analysis - One Year Later
Yes, we have 26771 installed on almost all our servers.
I am a little surprised others aren't using it - it's a patch listed by the HP Security patch check tool (B6834AA) as needing to be installed to fix a possible security hole, and as a result we installed it weeks ago when we were notified to install it. Is nobody else running this very handy and, in my opinion, essential security check tool?
09-12-2002 07:56 PM
I had done some research on PHNE_26771 in response to a previous posting and I discovered the following, which you might find useful:
============================================
The RFC 1948 is now implemented for computing TCP ISN values. By default, the support for RFC 1948 is turned off. It can be turned on by using the ndd variable, tcp_isn_passphrase.
The passphrase, once set, should not be changed, except possibly at reboot.
For example:
ndd -set /dev/tcp tcp_isn_passphrase "rfc 1948"
will turn on the support for RFC 1948.
============================================
This info is buried deep in the patch text, but it can be easily missed. I've requested modification of the CERT advisory, since it (incorrectly) states that RFC 1948 support is enabled by default, but I have seen no change to date.
So, until you enable RFC 1948 support, your ISN randomization will be no different than without the patch.
I hope this helps!
Regards,
Dave
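
Added example (not part of Dave's post or of the HP patch text): a Python sketch of the RFC 1948 scheme, ISN = M + F(localhost, localport, remotehost, remoteport, secret), showing what a secret passphrase adds over a timer-only ISN. SHA-256 stands in for the hash (RFC 1948 suggests MD5), the addresses and passphrase are constructed, and HP-UX's own implementation is not shown on this page.

```python
import hashlib
import socket
import struct

MASK32 = 0xFFFFFFFF

def clock_component(now_us: int) -> int:
    """M in RFC 1948: a 32-bit counter that advances every 4 microseconds."""
    return (now_us // 4) & MASK32

def connection_offset(secret: bytes, laddr: str, lport: int,
                      raddr: str, rport: int) -> int:
    """F(...): keyed hash of the connection 4-tuple, truncated to 32 bits.
    SHA-256 is an assumption of this sketch; RFC 1948 suggests MD5."""
    material = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
                socket.inet_aton(raddr) + struct.pack("!H", rport) + secret)
    return struct.unpack("!I", hashlib.sha256(material).digest()[:4])[0]

def rfc1948_isn(secret, laddr, lport, raddr, rport, now_us):
    """ISN = M + F(localhost, localport, remotehost, remoteport, secret)."""
    return (clock_component(now_us) +
            connection_offset(secret, laddr, lport, raddr, rport)) & MASK32

def clock_only_isn(now_us):
    """Contrast case: timer-only ISN, identical for every peer."""
    return clock_component(now_us)

def compare(secret: bytes, now_us: int = 1_000_000):
    """Return per-peer ISNs for two constructed clients hitting one server."""
    server = ("192.0.2.10", 23)            # constructed documentation addresses
    peers = [("198.51.100.7", 40000), ("203.0.113.9", 40000)]
    return {
        "clock_only": [clock_only_isn(now_us) for _ in peers],
        "rfc1948": [rfc1948_isn(secret, *server, *p, now_us) for p in peers],
    }

if __name__ == "__main__":
    result = compare(b"constructed example passphrase")
    # Timer-only: one peer's own ISN reveals what any other peer would get.
    print("clock only:", result["clock_only"])
    # RFC 1948: each 4-tuple sits in its own sequence space, tied to the secret.
    print("rfc 1948  :", result["rfc1948"])
```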