lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0710201853070.19637@bizon.gios.gov.pl>
Date:	Sat, 20 Oct 2007 19:08:52 +0200 (CEST)
From:	Krzysztof Oledzki <ole@....pl>
To:	Willy Tarreau <w@....eu>
cc:	haproxy@...milux.org, netdev@...r.kernel.org
Subject: ISNs and 2.6.22, Was: Re: haproxy & linux firewall (netfilter)



On Sat, 20 Oct 2007, Willy Tarreau wrote:
<CUT>

>>> What is very strange is that linux uses random increments, so your ISNs
>>> should not wrap in a matter of a few seconds.
>>
>> Good point. I need to investigate this.
>
> netcat is very convenient for such tests. It's easy to bind it to a
> source port for consecutive tests while you run tcpdump in the background :
>
>  $ echo bla | nc -p 1234 192.168.1.2 80
>  $ echo bla | nc -p 1234 192.168.1.2 80
>
> Also, please try this with tcp_timestamps enabled and disabled to see if it
> changes anything.

Interesting... :|

2.6.20:
18:52:33.558379 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708509816:3708509816(0) win 5840 <mss 1460,sackOK,timestamp 1884090256 0,nop,wscale 1>
18:52:33.882129 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708833567:3708833567(0) win 5840 <mss 1460,sackOK,timestamp 1884090580 0,nop,wscale 1>
18:52:34.084000 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3709035437:3709035437(0) win 5840 <mss 1460,sackOK,timestamp 1884090782 0,nop,wscale 1>

2.6.21:
18:58:36.074969 IP 192.168.0.66.3333 > 212.77.100.101.80: S 110585153:110585153(0) win 5840 <mss 1460,sackOK,timestamp 112007046 0,nop,wscale 5>
18:58:36.440084 IP 192.168.0.66.3333 > 212.77.100.101.80: S 110950271:110950271(0) win 5840 <mss 1460,sackOK,timestamp 112007412 0,nop,wscale 5>
18:58:36.830141 IP 192.168.0.66.3333 > 212.77.100.101.80: S 111340328:111340328(0) win 5840 <mss 1460,sackOK,timestamp 112007802 0,nop,wscale 5>

2.6.22:
18:59:34.525097 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3303295586:3303295586(0) win 5840 <mss 1460,sackOK,timestamp 1111842 0,nop,wscale 6>
18:59:34.942104 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3720303240:3720303240(0) win 5840 <mss 1460,sackOK,timestamp 1112259 0,nop,wscale 6>
18:59:35.412229 IP 192.168.0.7.3333 > 212.77.100.101.80: S 4190427367:4190427367(0) win 5840 <mss 1460,sackOK,timestamp 1112729 0,nop,wscale 6>

2.6.22+tcp_timestamps=0:
19:00:38.285554 IP 192.168.0.7.3333 > 212.77.100.101.80: S 2639244549:2639244549(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:39.448675 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3802363348:3802363348(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:43.003850 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3062574559:3062574559(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:45.950863 IP 192.168.0.7.3333 > 212.77.100.101.80: S 1714619373:1714619373(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>

So it seems that ISNs are not randomly incremented but rather randomly 
generated. Adding netdev@...r.kernel.org to the CC list.

Best regards,

 				Krzysztof Olędzki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ