>> How about a modification where a small random increment (say 12
>> bits) is added instead of the fixed time based increment.

> This is basically what I was going to suggest.  Can anyone think of a
> reason why this is a bad idea?

If you do this every time a connection is opened or something, it
should be reasonable.  If you do it only at the times when you
previously would have added the time-based increment, it's not much
help, because it's relatively easy to sample the ISN and then (ab)use
the observed value within a window narrower than the rate at which that
clock ticks.

Of course, you're still vulnerable to a lucky guess.  You're vulnerable
to that already, albeit with a 2^-31 chance instead of a 2^-12 (or
whatever) chance.

Also take care that the attacker can't do a bunch of ISN probes, deduce
the random number generator state, and thus predict the values you'll
add, or again it's as pointless as what we have now.  Perhaps have
system events such as packet reception or transmission, disk I/O,
context switches, etc, corrupt the random number generator state
slightly, so as to ensure it's not predictable even with several dozen
old values to work from...?

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu