Alpha patch for FreeBSD that randomizes the sequence numbers sent by TCP to circumvent connection hijacking and/or spoofed connections (a 3-way handshake achieved by guessing sequence numbers).
ab5c71478fa83d7120ef65390ec11a21f1ec6c3dee83be9dcba8edf4dd6bf895
--- tcp_input.c.orig.seq Tue Feb 8 19:01:35 2000
+++ tcp_input.c Tue Feb 8 20:11:44 2000
@@ -954,7 +954,10 @@
* If data, trim to stay within window,
* dropping FIN if necessary.
*/
- ti->ti_seq++;
+ ti->ti_seq += 3;
+ ti->ti_seq %= 2;
+ ti->ti_seq -= 1;
+ ti->ti_seq += random();
if (ti->ti_len > tp->rcv_wnd) {
todrop = ti->ti_len - tp->rcv_wnd;
m_adj(m, -todrop);
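Review bot: The replacement for `ti->ti_seq++` destroys the peer's sequence number rather than randomizing ours: after `ti->ti_seq %= 2` the field holds only 0 or 1, and `-= 1` then `+= random()` leaves a value unrelated to what was received, so the window-trimming check on the following `if (ti->ti_len > tp->rcv_wnd)` line and every later in-window test operate on garbage. This is the receive path of tcp_input — ti_seq is the remote side's number, and nothing here changes the initial sequence number this host sends. The increment should be restored, `ti->ti_seq++;`, and the randomization placed where the local ISS is chosen (presumably the `tp->iss` / `tcp_iss` assignment, which is not in this hunk — confirm against the file). Note also that the kernel `random()` is an LCG and not a cryptographic source, so even at the right site it would still be guessable; the enclosing function begins and ends outside this hunk.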
@@ -1149,7 +1152,10 @@
if (todrop > 0) {
if (tiflags & TH_SYN) {
tiflags &= ~TH_SYN;
- ti->ti_seq++;
+ ti->ti_seq += 3;
+ ti->ti_seq %= 2;
+ ti->ti_seq -= 1;
+ ti->ti_seq += random();
if (ti->ti_urp > 1)
ti->ti_urp--;
else
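Review bot: The same four-line rewrite of `ti->ti_seq++` in the `todrop > 0` SYN-trim path has the same defect: `ti->ti_seq %= 2` collapses the received sequence number to 0 or 1 before `random()` is added, so the trimmed segment is no longer positioned relative to `rcv_nxt` and the subsequent `todrop`/`ti_urp` bookkeeping (which assumes the sequence number advanced by exactly one for the consumed SYN) is wrong. Restoring `ti->ti_seq++;` is the fix; randomizing a value we receive from the peer cannot make our own sequence numbers harder to guess. The enclosing function continues outside this hunk.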
--- tcp_output.c.orig Wed Apr 7 18:25:52 1999
+++ tcp_output.c Tue Feb 8 20:14:42 2000
@@ -549,7 +549,7 @@
*/
if (flags & TH_FIN && tp->t_flags & TF_SENTFIN &&
tp->snd_nxt == tp->snd_max)
- tp->snd_nxt--;
+ tp->snd_nxt -= random();
/*
* If we are doing retransmissions, then snd_nxt will
* not reflect the first unsent octet. For ACK only
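Review bot: `tp->snd_nxt -= random()` breaks the send sequence space: the original `snd_nxt--` backs up exactly one octet so a FIN already counted in `snd_max` is retransmitted, whereas subtracting an arbitrary value leaves `snd_nxt` pointing somewhere below `snd_una`, so the segment built from it carries the wrong offset and the peer will see an out-of-window FIN. The comment immediately below the change ("snd_nxt will not reflect the first unsent octet" during retransmission) documents the invariant this violates. Restore `tp->snd_nxt--;` here; sequence-number unpredictability belongs in the initial sequence number selection at connection setup, not in per-segment transmit bookkeeping. The enclosing function starts and ends outside this hunk.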