OpenBSD Information for VU#498440

Multiple TCP/IP implementations may use statistically predictable initial sequence numbers



Vendor Statement

post-2.8 we no longer use random increments, but a much more sophisticated

please note that using real random initial sequence numbers is pretty
much in violation of the RFC's, since random number generators are
totally allowed to provide a number like 42 three times in a row.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.