Module Name:	syssrc
Committed By:	thorpej
Date:		Tue Mar 20 20:07:53 UTC 2001

Modified Files:
	syssrc/sys/netinet: tcp_input.c tcp_output.c tcp_subr.c tcp_usrreq.c
	    tcp_var.h

Log Message:
Two changes, designed to make us even more resilient against TCP
ISS attacks (which we already fend off quite well).

1. First-cut implementation of RFC1948, Steve Bellovin's cryptographic
   hash method of generating TCP ISS values.  Note, this code is experimental
   and disabled by default (experimental enough that I don't export the
   variable via sysctl yet, either).  There are a couple of issues I'd
   like to discuss with Steve, so this code should only be used by people
   who really know what they're doing.

2. Per a recent thread on Bugtraq, it's possible to determine a system's
   uptime by snooping the RFC1323 TCP timestamp options sent by a host; in
   4.4BSD, timestamps are created by incrementing the tcp_now variable
   at 2 Hz; there's even a company out there that uses this to determine
   web server uptime.  According to Newsham's paper "The Problem With
   Random Increments", while NetBSD's TCP ISS generation method is much
   better than the "random increment" method used by FreeBSD and OpenBSD,
   it is still theoretically possible to mount an attack against NetBSD's
   method if the attacker knows how many times the tcp_iss_seq variable
   has been incremented.  By not leaking uptime information, we can make
   that much harder to determine.  So, we avoid the leak by giving each
   TCP connection a timebase of 0.


To generate a diff of this commit:
cvs rdiff -r1.122 -r1.123 syssrc/sys/netinet/tcp_input.c
cvs rdiff -r1.63 -r1.64 syssrc/sys/netinet/tcp_output.c
cvs rdiff -r1.107 -r1.108 syssrc/sys/netinet/tcp_subr.c
cvs rdiff -r1.60 -r1.61 syssrc/sys/netinet/tcp_usrreq.c
cvs rdiff -r1.77 -r1.78 syssrc/sys/netinet/tcp_var.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.