Bug 21860

Summary: The fix to TCP_ISSINCR after the bugtraq error report could still be enhanced.
Product: Base System
Reporter: jau
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any

Description jau 2000-10-09 13:40:01 UTC
The TCP sequence number increment used to be counted like
this

#ifndef tcp_random18
#define tcp_random18()  (random() & 0x3ffff)
#endif

#define      TCP_ISSINCR     (122*1024 + tcp_random18())

which was then changed such that random became arc4random.
This is anyhow inferior to making the whole thing entirely
random as in

#define      TCP_ISSINCR     (arc4random())

Fix: 

#define      TCP_ISSINCR     (arc4random())

How-To-Repeat: 
Try each of the alternative methods with nmap.

Comment 1 jau 2000-10-17 11:39:22 UTC
>Submitter-Id:	net
>Originator:	Jukka A. Ukkonen
>Organization:	Private Person
>Confidential:	no
>Synopsis:	kern/21860 should have better priority
>Severity:	critical
>Priority:	high
>Category:	kern
>Class:		sw-bug
>Release:	3.5.1
>Environment:	
>Description:
I made a typo while reporting kern/21860.
I should have given it better priority,
because the fix is so simple and obvious,
and the effect on system's ability to tolerate
sequence number guessing is greatly improved
making FreeBSD an even better platform for network
server applications.
My classifying this as a sw-bug instead of simply
change-request is a bit provocative, but I guess
the change is so obvious that it is almost a bug
(or better maybe a minor design flaw) that ISSINCR
has not been done the way I propose already by now.

>How-To-Repeat:
See the details in kern/21860.
>Fix:
See the details in kern/21860.

Comment 2 Bruce A. Mah freebsd_committer freebsd_triage 2001-11-11 01:14:37 UTC
State Changed
From-To: open->closed

More recent versions of FreeBSD now use a version of the algorithm 
from RFC 1948 for setting TCP ISNs.
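The RFC 1948 construction named in the closing comment, ISN = M + F(localhost, localport, remotehost, remoteport, secret), as an added sketch that is not FreeBSD's code and not part of the original report. SipHash-2-4 stands in for the hash F (RFC 1948 suggests MD5); the function names, secrets and addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* Constructed demo values: two 128-bit secrets and RFC 5737 documentation addresses. */
static const uint64_t demo_secret[2] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL };
static const uint64_t other_secret[2] = { 0x1111111111111111ULL, 0x2222222222222222ULL };
#define SRV      0xc0000201u  /* 192.0.2.1 */
#define CLIENT_A 0xc6336401u  /* 198.51.100.1 */
#define CLIENT_B 0xcb007101u  /* 203.0.113.1 */

/* SipHash-2-4 over a fixed 16-byte message given as two 64-bit words (assumed stand-in for F). */
static uint64_t siphash16(const uint64_t k[2], uint64_t m0, uint64_t m1)
{
    uint64_t v0 = k[0] ^ 0x736f6d6570736575ULL, v1 = k[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k[0] ^ 0x6c7967656e657261ULL, v3 = k[1] ^ 0x7465646279746573ULL;
    uint64_t m[3] = { m0, m1, (uint64_t)16 << 56 };  /* last word encodes the length */
    for (int i = 0; i < 3; i++) { v3 ^= m[i]; SIPROUND; SIPROUND; v0 ^= m[i]; }
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* M is the 4-microsecond clock; the keyed hash of the 4-tuple gives each
 * connection its own offset, so ISNs still increase per connection. */
uint32_t rfc1948_isn(const uint64_t secret[2], uint32_t laddr, uint16_t lport,
                     uint32_t faddr, uint16_t fport, uint64_t usec)
{
    uint64_t addrs = ((uint64_t)laddr << 32) | faddr;
    uint64_t ports = ((uint64_t)lport << 16) | fport;
    return (uint32_t)(usec / 4) + (uint32_t)siphash16(secret, addrs, ports);
}

int main(void)
{
    printf("A t=0      %08x\n", (unsigned)rfc1948_isn(demo_secret, SRV, 80, CLIENT_A, 40000, 0));
    printf("A t=4000us %08x\n", (unsigned)rfc1948_isn(demo_secret, SRV, 80, CLIENT_A, 40000, 4000));
    printf("B t=0      %08x\n", (unsigned)rfc1948_isn(demo_secret, SRV, 80, CLIENT_B, 40000, 0));
    printf("A, new key %08x\n", (unsigned)rfc1948_isn(other_secret, SRV, 80, CLIENT_A, 40000, 0));
    return 0;
}
```

A peer that sees its own ISN learns only the offset for its own 4-tuple; the offset for another client's tuple depends on the secret, while each connection's ISN still advances with the clock.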