Re: HP-UX tcp_random_seq

[casper () HOLLAND SUN COM (Casper Dik)]

> I dont belive this is been given enough distribution. Under HP-UX you can
> configure it to use random TCP sequence numbers by setting the
> tcp_random_seq variable. The values are:
>
>   0 - old behavior (default)
>   1 - rand(3) bahavior
>   2 - rand48(3) behhavior
>
> The seed value for the rand*() functions is based on the time when
> tcp_init() (or nettune) is called, so dont make your uptime public
> (i.e. rstatd).

Solaris 2.x has a similar option.

ndd -set /dev/tcp tcp_string_iss <value>

It accepts three values (2 in 2.5*)

        0 - old behaviour
        1 - using random(3) [default]
        2 - new in 2.6., RFC 1948 support
            The password for this is set from root's /etc/shadow entry
            using ndd -set /dev/tcp tcp_1948_phrase <shadow field>

The method to set this in 2.6 is editing /etc/default/inetinit and add
TCP_STRONG_ISS=2

If you have lots of clients with the same encrypted root password, you'd
want to find another way of setting the tcp_1948_phrase

Casper