Graphing Randomness in TCP Initial Sequence Numbers

Saint Aardvark writes "This is neat: Graphic visualization of how random TCP Initial Sequence Numbers really are for different OSs. It's a great way of seeing how secure a TCP stack really is. Cisco IOS is great; OS9, OpenVMS and IRIX aren't. Posted to the ever-lovin' BugTraq mailing list." This is a follow-up to the previous report.

I find it interesting

[PhysicsGenius]

that Linux is apparently beneath their contempt. Do they know something we don't know?

(To those tempted to reply that "they know it's secure", I'd like to point out that assumed security without testing is exactly what keeps getting MS in trouble)

Re:Previously posted....

[mvw]

Hm, I am not 100% sure, but isn't this the third time this article was featured on Slashdot?

But it is still a nice article, illustrating Knuth's advice simply to plot random numbers to visually quickly judge the quality of a pseudo random number generator.

tc/ip

[Anonymous Coward]

Question how can you tell tc/ip stack is from windows versus linux?

Any hw based ISN generators?

[ch-chuck]

't be cool to have a board with a bit of radioactive alpha source and a counter to make genuine random numbers. Like this [fourmilab.ch], or, ha, here's [std.com] one (3rd from the top) that proposes using disk drive air turbulance to generate random numbers!

Re:Understanding Randomness

[thomasj]

Lets face it: current computers and humans are both as bad as each other at randomness. The fact that computers have to "calculate" randomness is a bad sign in itself [...]

The funny thing is, that is really easy to construct a randomness hardware device. A zener diode can generate a lot of white noise just below its saturation point, so a circuit like this will do the trick:

12V
|
R1
|
+-Z-/
|
R2
|
+-C1-/
|
C2
|
+-R3-/
|
SchmidtTrigger-/
|
Out

For some reasonal values of the resistors and capacitors this would give a constant flow of ones and zeros that comes right out of the blue air (funny enough literally speaking) with more entropy than we will ever need.

Cost: less than one dollar.

What about home router sequence numbers?

[Anonymous Coward]

What about LinkSys, Netgear, SMC, Assante, DLink and other home routers? How good are their sequence numbers?

RFC 1948

[XNormal]

A TCP implementation that generates initial sequence numbers using a trivial time dependency may be secure against sequence number guessing attacks if it implements RFC 1948 [ietf.org].

The idea is to add a bias to the sequence numbers that depends on the source address. A client will be able to predict his own sequence numbers but not the sequence numbers of others. The bias is calculated using a cryptographic hash of the connection ID and a secret value.

A TCP implementation that uses RFC 1948 may still get a very poor rating for initial sequence number predictability from tools like nmap.

Does anyone know any TCP stack that actually implements it?