OpenBSD Information for VU#498440
Multiple TCP/IP implementations may use statistically predictable initial sequence numbers
- Vendor Information Help Date Notified: 08 Mar 2001
- Statement Date: 08 Mar 2001
- Date Updated: 19 Apr 2001
post-2.8 we no longer use random increments, but a much more sophisticated
please note that using real random initial sequence numbers is pretty
much in violation of the RFC's, since random number generators are
totally allowed to provide a number like 42 three times in a row.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.