On Thu, 2002-01-03 at 15:59, Matthias Schuendehuette
wrote:> Hello,
>
> my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it
> complained about TCP Sequence Prediction:
>
> 'The TCP sequence was found to be predictable.'
>
> I was advised to install FreeBSD 4.1.1-STABLE after 2000-09-28 or later
> :-) as listed in FreBSD-SA-00:52.
>
> I looked at the published Patch in FreBSD-SA-00:52 but couldn't find
> the Sourcecode Sequence to be patched any more (I wasn't wondering).
>
> But so, what shall I do, who's to blame? Is the ISS lying? Is there any
> advice from the FreeBSD Security Officer or the developers how to
> proceed further?
Is this what you're looking for:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00%3A52/tcp-iss.patch
Joe
>
> TIA - Matthias
>
> --
> ***************************************************************************
> * Matthias Schuendehuette msch@snafu.de *
> * Solmsstrasse 44 *
> * D-10961 Berlin Engineering Systems Support and Operation *
> * Germany (Powered by FreeBSD 4.5-PRERELEASE) *
> ***************************************************************************
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message