HPE Community
Operating System - HP-UX
1849253 Members
5013 Online
104042 Solutions
New Discussion

Re: TCP packet sequence numbering

 
SOLVED
Go to solution
Bob Carback
Frequent Advisor

‎03-09-2006 06:39 AM

‎03-09-2006 06:39 AM

TCP packet sequence numbering

Used to be able to use nettune to enable TCP packet sequence numbering with --
nettune -s tcp_random_seq 2

Is there an equivelent for ndd?
0 Kudos
Reply
5 REPLIES 5
Carlos Roberto Schimidt
Regular Advisor

‎03-09-2006 06:44 AM

‎03-09-2006 06:44 AM

Re: TCP packet sequence numbering

Hi Bob,

I think this document may help you:

ftp://ftp.cup.hp.com/dist/networking/briefs/annotated_ndd.txt

Behavior is a little different in HP 11.x

SChimidt
0 Kudos
Reply
Bob Carback
Frequent Advisor

‎03-09-2006 06:49 AM

‎03-09-2006 06:49 AM

Re: TCP packet sequence numbering

Thanks. This doesn't appear to mention random TCP packet sequence numbering. Any idea for another name for this?
0 Kudos
Reply
James A. Donovan
Honored Contributor

‎03-09-2006 06:51 AM

‎03-09-2006 06:51 AM

Solution

Re: TCP packet sequence numbering

Depends on which OS you're now using....

To enable tcp randomization on HP-UX 11.00, 11.04, and 11.11(11i):

----------------------------------------------------------------------
--

HP randomization

HP-UX release 11.00:
Install PHNE_22397 or subsequent. The HP randomization will
then be the default tcp randomization.

NOTE: This patch has dependencies.


HP-UX release 11.11 (11i):
No patch is required. The HP randomization has always been
implemented in HP-UX 11.11 (11i) and is the default tcp
randomization.

RFC 1948 ISN randomization

HP-UX 11.00: Apply PHNE_26771 or subsequent.
HP-UX 11.04: Apply PHNE_26101 or subsequent.
HP-UX 11.11 (11i): Apply PHNE_25644 or subsequent.

Once the appropriate patch has been applied the RFC 1948 ISN
randomization can be enabled on HP-UX 11.00, 11.04 and 11.11
by executing the following command as root:

ndd -set /dev/tcp tcp_isn_passphrase
where is any length character
string. Only the first 32 characters will be
retained. If the passphrase is changed the system
should be rebooted.

NOTE: RFC 1948 ISN randomization is not available on
HP-UX release 10.20. Customers who want RFC 1948
ISN randomization should upgrade to HP-UX 11.X and
apply necessary patches as discussed herein.

Remember, wherever you go, there you are...
Reply
Bob Carback
Frequent Advisor

‎03-09-2006 06:54 AM

‎03-09-2006 06:54 AM

Re: TCP packet sequence numbering

This is actually HP-UX 11.23 (11iv2 ia64)
0 Kudos
Reply
rick jones
Honored Contributor

‎03-09-2006 12:31 PM

‎03-09-2006 12:31 PM

Re: TCP packet sequence numbering

I really should update that annotated_ndd document one of these days...
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.