thus Daniel Carosone spake:
> On Sun, Jul 10, 2005 at 06:22:31PM +0200, Timo Schoeler wrote:
> 
>>is there an option i've overseen or something to add to ipf to increase
>>TCP sequence randomization?
> 
> 
> Not explicitly.  I presume you have hosts behind the ipf with poor ISN
> behaviour?

it's a NetBSD (2.0.2) machine running ipf -- i just nmapped it and found
this poor TCP sequence randomization. the other things look quite well,
so this was the thing i thought to be 'optimized' somehow ;)

> There's no NAT-like rewriting of sequence numbers (that
> I'm aware of), but if you pushed each of those connections through an
> ipf transparent proxy (similar to the ftp one) you would implicitly
> inherit the ISN behaviour of the ipf host instead.
> 
> --
> Dan.

timo