Re: Borderware predictable initial TCP

[avarvit () CC ECE NTUA GR (Aggelos P. Varvitsiotis)]

> AFAIK, this problem is not a Firewall-1 problem but a HP-UX problem.
>
> Please respond to Gigi Sullivan <sullivan () SECLAB COM>
> To:     BUGTRAQ () NETSPACE ORG
> Subject:        Re: Borderware predictable initial TCP sequence numbers
>
> Hello there,
>
> This can be applied also to Firewall-1 (CheckPoint) running on an
> HP-UX 10.X series.
>
>
> bye bye
>
>
> *************************************************
> Racer X
>
> (Unknown to Speed, Racer X is actually his older
> brother Rex, who ran away from home years ago)
> racer-x () altavista net
> *************************************************
> --------------------------------------------------------------------------------
>  -------------------------------\r\nGet your free email from altavista.iname.com

Fix for HP-UX 9.X (this has been around for quite some time):

        echo "tcp_random_seq/W 2" | /usr/bin/adb -w /hp-ux /dev/kmem

There is a similar fix for 10.X floating around, for whom may
be interested to look for it.


a.varvitsiotis () iccs ntua gr                     A.Varvitsiotis
                                             ICCS Computer Center
                                      National Technical University of Athens