In "Re: TCP RST attack", "Jacques A. Vidrine" <nectar@freebsd.org> wrote: > On Tue, Apr 20, 2004 at 01:32:40PM -0700, Dragos Ruiu wrote: > > Also keep in mind ports are predictable to varying degrees depending on > > the vendor or OS, which further reduces the brute force space you have to > > go though without sniffing. > > This is exactly why I ported OpenBSD's TCP ephemeral port allocation > randomization to FreeBSD-CURRENT (although I asked Mike Silby to commit > it for me and take the blame if it broke :-). It will also be MFC'd > shortly in time for 4.10-RELEASE. That sounds great! But a question arose in my mind... I think it'll improve FreeBSD as a client OS, but as a server OS it doesn't seem to help much (actually, any ;-). Is there any action planned to implement some kind of countermeasure for FreeBSD servers? Thanks, Tadaaki Nagao <nagao@iij.ad.jp> System Design and Development Division, Internet Initiative Japan Inc. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"