I only got three responses, two were requests for further information,
and the third confirmed what I had seen, and included a TCP fingerprint
indentical to what I was seeing.
Looks like DU4.0E uses constant TCP sequence numbers for some reason. I am
not sure what that means in terms of security, I would guess that it would
make it easier to hijack a TCP session for those so inclined.
BTW, nmap is a utility for port scanning large networks, and is not part
of DU. It can be downloaded from
http://www.insecure.org/nmap. It was
originally written for Linux, but has been ported to a number of other
platforms. (only partial support for DU.)
Many thanks to:
Lamont Granquist <lamontg_at_raven.genome.washington.edu>
Philippe Tempel <tempelp_at_toysrus.com>
Dennis MacDonell <DennisMacDonell_at_auslig.gov.au>
I still have no answer on how to change the way DU4.0E generates sequence
numbers.
Original message:
On Wed, 27 Jan 1999, Garry Optland wrote:
> Hi all,
>
> I have clean installed DU4.0E, on a PWS433au with no graphics card,
> mandatory subsets only. I am using enhanced security.
>
> If I do a "nmap -O" for the machine, I get a worrying message from nmap:
>
> TCP Sequence Prediction: Class=constant sequence number (!)
> Difficulty=0 (Trivial joke)
>
> This is the only 4.0E machine I have access to. Other machines with DU3.x
> or 4.0A-D seem to at least change the sequence number.
>
> Is there any way to change how DU generates sequence numbers? Has anyone
> used nmap -O against a DU4.0E machine with different results?
>
> Any help appreciated.
>
> Regards,
> Garry.
>
Regards,
Garry.
--------------------------------------------------------------------
Garry Optland phone: +61 2 9268 6160, mobile: +61 418490365
Email: garry_at_pp.nsw.gov.au fax: +61 2 9268 8094
Web Team Leader, Information Systems Group, Pacific Power.
Corner Park & Elizabeth Streets, Sydney, NSW 2001 Australia
--------------------------------------------------------------------
Received on Mon Feb 01 1999 - 05:23:43 NZDT