BSD Today: FreeBSD Security Advisory: FreeBSD-SA-00:52.tcp-iss
Oct 06, 2000, 22:35
[ Thanks to Jeremy C. Reed for this link. ]
"It has long been known that an attacker who can guess the
initial sequence number which a system will use for the next
incoming TCP connection can spoof a TCP connection handshake coming
from a machine to which he does not have access, and then send
arbitrary data into the resulting TCP connection which will be
accepted by the server as coming from the spoofed machine."
"Systems derived from 4.4BSD-Lite2 including FreeBSD include
code which attempts to introduce an element of unpredictability
into the initial sequence numbers to prevent sequence number
guessing by a remote attacker. However the pseudo-random number
generator used is a simple linear congruent generator, and based on
observations of a few initial sequence values from legitimate
connections with a server, an attacker can guess with high
probability the value which will be used for the next
"All versions of FreeBSD prior to the correction date
including 4.1.1 and 3.5.1 are vulnerable to this problem."
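
The weakness the advisory describes, as an added example written as an audit check (this is not FreeBSD's code and not part of the advisory): a stream of initial sequence numbers from a linear congruential generator is fully determined by its first few values, while a keyed-hash source of the form ISN = M + F(4-tuple, secret) from RFC 6528 is not. The LCG constants, function names, addresses and key are constructed for illustration, and HMAC-SHA256 is substituted for F.

```python
import hashlib
import hmac

MOD = 2**32  # TCP sequence numbers are 32-bit


def lcg_isns(seed, count, a=1664525, c=1013904223):
    """Constructed weak source: every ISN is a fixed function of the last one."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + c) % MOD
        out.append(x)
    return out


def keyed_isn(key, laddr, lport, raddr, rport, clock_us):
    """ISN = M + F(4-tuple, secret): 4-microsecond timer plus a keyed hash."""
    msg = f"{laddr}:{lport}|{raddr}:{rport}".encode()
    f = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")
    return (clock_us // 4 + f) % MOD


def fits_lcg(samples):
    """Audit check: do the first three ISNs determine all the later ones?"""
    if len(samples) < 5:
        raise ValueError("need at least 5 samples")
    x0, x1, x2 = samples[:3]
    d = (x1 - x0) % MOD
    if d % 2 == 0:  # no inverse mod 2**32; this simple check reports no fit
        return False
    a = (x2 - x1) * pow(d, -1, MOD) % MOD
    c = (x1 - a * x0) % MOD
    return all((a * p + c) % MOD == q for p, q in zip(samples[2:], samples[3:]))


def sample_keyed(count):
    """Constructed trace: one client opening connections from successive ports."""
    key = b"constructed-demo-secret"  # a real stack draws this secret at boot
    return [keyed_isn(key, "192.0.2.1", 80, "198.51.100.7", 40000 + i, 1000 * i)
            for i in range(count)]


if __name__ == "__main__":
    print("LCG stream flagged:  ", fits_lcg(lcg_isns(20001006, 8)))
    print("keyed stream flagged:", fits_lcg(sample_keyed(8)))
```

Run against ISN samples captured from a host you administer, a `True` result from `fits_lcg` means the generator should be replaced with a keyed or cryptographically random source.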