Subject: Re: how to increase TCP sequence randomization (with ipf)?
To: Timo Schoeler <timo.schoeler@macfinity.net>
From: Daniel Carosone <dan@geek.com.au>
List: tech-net
Date: 07/12/2005 10:48:23

On Sun, Jul 10, 2005 at 06:22:31PM +0200, Timo Schoeler wrote:
> is there an option i've overseen or something to add to ipf to increase
> TCP sequence randomization?

Not explicitly.  I presume you have hosts behind the ipf with poor ISN
behaviour?  There's no NAT-like rewriting of sequence numbers (that
I'm aware of), but if you pushed each of those connections through an
ipf transparent proxy (similar to the ftp one) you would implicitly
inherit the ISN behaviour of the ipf host instead.

--
Dan.