Hi,
> how is that implemented? faq? doc?
Source :)
...
/*
 * TCP initial sequence number picking. This uses the random number
 * generator to pick an initial secret value. This value is hashed
 * along with the TCP endpoint information to provide a unique
 * starting point for each pair of TCP endpoints. This defeats
 * attacks which rely on guessing the initial TCP sequence number.
 * This algorithm was suggested by Steve Bellovin.
 */
__u32 secure_tcp_sequence_number(__u32 saddr, __u32 daddr,
                                 __u16 sport, __u16 dport)
...
Linux has a /dev/random, which accesses a special entropy pool in the kernel.
It's a list of bytes which are generated by measuring interrupts, mouse and
keyboard events and should be really random. This random data is used together
with the socket data. Additionally it's using a 1 MHz clock (as opposed to the
recommended 250 kHz from RFC 793).
I looked in the source; Linux can be configured to use either SHA or MD4
hashing of those values.
Greetings
Bernd
--
Bernd Eckenfels, Wittumstrasse 13, 76646 Bruchsal, de
ecki@{lina.inka.de,linux.de} http://home.pages.de/~eckes/
*plush* 2048/A2C51749 eckes@irc +4972573817 *plush*
If privacy is outlawed only Outlaws have privacy
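A small model of the scheme described in the post (secret + endpoint tuple hashed, clock added), written as an added example; it is not the kernel's code and not from the poster. It assumes SHA-1 as the hash, os.urandom as a stand-in for the kernel entropy pool, and an explicit tick counter in place of the 1 MHz clock.

```python
import hashlib
import os
import struct

# Per-boot secret. In the kernel it is drawn from the entropy pool behind
# /dev/random; os.urandom is an assumption used as a stand-in here.
SECRET = os.urandom(16)

# The post says Linux uses a 1 MHz clock (RFC 793 suggests 250 kHz).
CLOCK_HZ = 1_000_000


def ip_to_u32(dotted):
    """Convert a dotted-quad IPv4 address to a 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def endpoint_hash(saddr, daddr, sport, dport, secret=SECRET):
    """F(tuple, secret): keyed hash of the 4-tuple, truncated to 32 bits.
    SHA-1 is assumed; the post says the kernel can be built for SHA or MD4."""
    data = struct.pack("!IIHH", saddr, daddr, sport, dport) + secret
    return struct.unpack("!I", hashlib.sha1(data).digest()[:4])[0]


def secure_tcp_sequence_number(saddr, daddr, sport, dport, ticks, secret=SECRET):
    """ISN = M + F(tuple, secret) mod 2**32, Bellovin's scheme.
    M is the clock in ticks; the per-tuple offset F never repeats across
    tuples and cannot be computed without the secret."""
    return (ticks + endpoint_hash(saddr, daddr, sport, dport, secret)) & 0xFFFFFFFF


def isn_delta(saddr, daddr, sport, dport, t0, t1, secret=SECRET):
    """Difference between two ISNs for the same tuple: with the same secret
    it equals the clock advance (t1 - t0), the behaviour the design intends."""
    a = secure_tcp_sequence_number(saddr, daddr, sport, dport, t0, secret)
    b = secure_tcp_sequence_number(saddr, daddr, sport, dport, t1, secret)
    return (b - a) & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed sample endpoints, not real traffic.
    s, d = ip_to_u32("10.0.0.1"), ip_to_u32("10.0.0.2")
    print(hex(secure_tcp_sequence_number(s, d, 40000, 80, 0)))
    print(hex(secure_tcp_sequence_number(s, d, 40001, 80, 0)))
```

Running it with the same tuple at two clock readings shows the ISN moving exactly with the clock, while a different source port yields an unrelated value, which is the property the comment in the kernel source is describing.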