Subject: Re: how to increase TCP sequence randomization (with ipf)?
To: Timo Schoeler <email@example.com>
From: Daniel Carosone <firstname.lastname@example.org>
Date: 07/12/2005 10:48:23
Content-Type: text/plain; charset=us-ascii
On Sun, Jul 10, 2005 at 06:22:31PM +0200, Timo Schoeler wrote:
> is there an option i've overseen or something to add to ipf to increase
> TCP sequence randomization?
Not explicitly. I presume you have hosts behind the ipf with poor ISN
behaviour? There's no NAT-like rewriting of sequence numbers (that
I'm aware of), but if you pushed each of those connections through an
ipf transparent proxy (similar to the ftp one) you would implicitly
inherit the ISN behaviour of the ipf host instead.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
-----END PGP SIGNATURE-----