Message-ID: <Pine.LNX.4.64.0710201921000.19637@bizon.gios.gov.pl>
Date:	Sat, 20 Oct 2007 19:23:25 +0200 (CEST)
From:	Krzysztof Oledzki <ole@....pl>
To:	Willy Tarreau <w@....eu>
cc:	haproxy@...milux.org, netdev@...r.kernel.org
Subject: Re: ISNs and 2.6.22, Was: Re: haproxy & linux firewall (netfilter)



On Sat, 20 Oct 2007, Krzysztof Oledzki wrote:

>
>
> On Sat, 20 Oct 2007, Willy Tarreau wrote:
> <CUT>
>
>>>> What is very strange is that linux uses random increments, so your ISNs
>>>> should not wrap in a matter of a few seconds.
>>> 
>>> Good point. I need to investigate this.
>> 
>> netcat is very convenient for such tests. It's easy to bind it to a
>> source port for consecutive tests while you run tcpdump in the background :
>>
>>  $ echo bla | nc -p 1234 192.168.1.2 80
>>  $ echo bla | nc -p 1234 192.168.1.2 80
>> 
>> Also, please try this with tcp_timestamps enabled and disabled to see if it
>> changes anything.
>
> Interesting... :|
>
> 2.6.20:
> 18:52:33.558379 IP 192.168.0.33.3333 > 212.77.100.101.80: S 
> 3708509816:3708509816(0) win 5840 <mss 1460,sackOK,timestamp 1884090256 
> 0,nop,wscale 1>
> 18:52:33.882129 IP 192.168.0.33.3333 > 212.77.100.101.80: S 
> 3708833567:3708833567(0) win 5840 <mss 1460,sackOK,timestamp 1884090580 
> 0,nop,wscale 1>
> 18:52:34.084000 IP 192.168.0.33.3333 > 212.77.100.101.80: S 
> 3709035437:3709035437(0) win 5840 <mss 1460,sackOK,timestamp 1884090782 
> 0,nop,wscale 1>
>
> 2.6.21:
> 18:58:36.074969 IP 192.168.0.66.3333 > 212.77.100.101.80: S 
> 110585153:110585153(0) win 5840 <mss 1460,sackOK,timestamp 112007046 
> 0,nop,wscale 5>
> 18:58:36.440084 IP 192.168.0.66.3333 > 212.77.100.101.80: S 
> 110950271:110950271(0) win 5840 <mss 1460,sackOK,timestamp 112007412 
> 0,nop,wscale 5>
> 18:58:36.830141 IP 192.168.0.66.3333 > 212.77.100.101.80: S 
> 111340328:111340328(0) win 5840 <mss 1460,sackOK,timestamp 112007802 
> 0,nop,wscale 5>
>
> 2.6.22:
> 18:59:34.525097 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 3303295586:3303295586(0) win 5840 <mss 1460,sackOK,timestamp 1111842 
> 0,nop,wscale 6>
> 18:59:34.942104 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 3720303240:3720303240(0) win 5840 <mss 1460,sackOK,timestamp 1112259 
> 0,nop,wscale 6>
> 18:59:35.412229 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 4190427367:4190427367(0) win 5840 <mss 1460,sackOK,timestamp 1112729 
> 0,nop,wscale 6>
>
> 2.6.22+tcp_timestamps=0:
> 19:00:38.285554 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 2639244549:2639244549(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
> 19:00:39.448675 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 3802363348:3802363348(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
> 19:00:43.003850 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 3062574559:3062574559(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
> 19:00:45.950863 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 1714619373:1714619373(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
>
> So it seems that ISNs are not randomly incremented but rather randomly 
> generated. Adding netdev@...r.kernel.org to the CC list.

Eh, I was a little too hasty this time. They were not randomly generated but 
incremented by too big a value. This patch fixes my problem:

http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=queue-2.6.22/fix-tcp-initial-sequence-number-selection.patch;h=05b9167d68ecde1e6088f58c55e2906b768420ed;hb=HEAD

Looking forward to the next -stable release. ;)

Best regards,

 				Krzysztof Olędzki
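The diagnosis in this thread comes down to measuring how fast the ISN grows between consecutive SYNs from the same source port. The following script, added here as an illustration and not part of the original thread, parses the tcpdump SYN lines quoted above (2.6.20 and 2.6.22 runs), computes the average ISN growth per second as a 32-bit modular counter, and estimates how long the sequence space takes to wrap at that rate: roughly 1e6 units/s (a wrap every ~4295 s) on 2.6.20 versus roughly 1e9 units/s (a wrap every ~4.3 s) on 2.6.22. The trimmed trace strings and the helper names are this example's own.

```python
import re

# SYN lines copied from the tcpdump output quoted in this thread (options trimmed).
TRACE_2_6_20 = """\
18:52:33.558379 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708509816:3708509816(0) win 5840
18:52:33.882129 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708833567:3708833567(0) win 5840
18:52:34.084000 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3709035437:3709035437(0) win 5840
"""
TRACE_2_6_22 = """\
18:59:34.525097 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3303295586:3303295586(0) win 5840
18:59:34.942104 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3720303240:3720303240(0) win 5840
18:59:35.412229 IP 192.168.0.7.3333 > 212.77.100.101.80: S 4190427367:4190427367(0) win 5840
"""

# Timestamp, then the ISN from "S <seq>:<seq>(0)" of an outgoing SYN.
SYN_RE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP \S+ > \S+: S (\d+):\d+\(0\)")


def parse_syns(trace):
    """Return [(seconds_since_midnight, isn), ...] for every SYN in the trace."""
    syns = []
    for line in trace.splitlines():
        m = SYN_RE.match(line)
        if m:
            h, mi, s = int(m.group(1)), int(m.group(2)), float(m.group(3))
            syns.append((h * 3600 + mi * 60 + s, int(m.group(4))))
    return syns


def isn_rate(trace):
    """Average ISN growth per second across the trace, treating the sequence
    space as a 32-bit modular counter. Assumes consecutive SYNs are close
    enough in time that the counter did not wrap between two samples."""
    syns = parse_syns(trace)
    if len(syns) < 2:
        raise ValueError("need at least two SYNs from the same source port")
    growth = sum((b[1] - a[1]) % 2**32 for a, b in zip(syns, syns[1:]))
    return growth / (syns[-1][0] - syns[0][0])


def wrap_seconds(trace):
    """Seconds until the 32-bit ISN clock wraps at the observed rate."""
    return 2**32 / isn_rate(trace)


if __name__ == "__main__":
    for name, trace in (("2.6.20", TRACE_2_6_20), ("2.6.22", TRACE_2_6_22)):
        print(f"{name}: {isn_rate(trace):.3g} units/s, wraps every {wrap_seconds(trace):.1f} s")
```

Run it against your own capture (same source port, several SYNs a fraction of a second apart) to see whether the ISN clock on a host wraps within seconds, which is the symptom the patch linked above addresses.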
