From: Daniel Ahlberg (
Date: Fri Sep 20 2002 - 08:45:30 EST

I don't know if this is already known or if I'm wrong, but here it is:

I ran nessus on my local servers and for some hosts it reported:

"Vulnerability found on port general/tcp

      The remote host seems to generate Initial Sequence Numbers
      (ISN) in a weak manner which seems to solely depend
      on the source and dest port of the TCP packets.

      The Raptor Firewall is known to be vulnerable to this flaw,
      as may others be.

      An attacker may use this flaw to establish spoofed connections
      to the remote host.

      Solution : If you are using a Raptor Firewall, see
      or else contact your vendor for a patch

Risk factor : High"


"Warning found on port general/tcp

      The remote host uses non-random IP IDs, that is, it is
      possible to predict the next value of the ip_id field of
      the ip packets sent by this host.

      An attacker may use this feature to determine if the remote
      host sent a packet in reply to another request. This may be
      used for portscanning and other things.

      Solution : Contact your vendor for a patch
Risk factor : Low"

Since I didn't get this on all my hosts I began wondering what caused this. A
quick look at the config files showed that when the host had been compiled
with CONFIG_PACKET_MMAP=y nessus found these problems. All servers tested are
running 2.4.18 or 2.4.19.
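
Added example, not part of the original post and not nessus's own code: one way to re-check the two quoted findings from captured reply packets before attributing them to a kernel build option. The sample values and the `MAX_STEP` threshold are constructed assumptions.

```python
from collections import defaultdict

MAX_STEP = 256  # assumed threshold: largest ID jump still treated as "a counter"

def isn_depends_only_on_ports(samples):
    """samples: (src_port, dst_port, isn) tuples taken from separate SYN/ACK replies.
    True when every port pair seen more than once always produced the same ISN."""
    isns = defaultdict(set)
    counts = defaultdict(int)
    for sport, dport, isn in samples:
        isns[(sport, dport)].add(isn)
        counts[(sport, dport)] += 1
    repeated = [pair for pair, n in counts.items() if n > 1]
    # Without a repeated port pair nothing can be concluded, so report False.
    return bool(repeated) and all(len(isns[pair]) == 1 for pair in repeated)

def ip_id_pattern(ids):
    """Classify consecutive 16-bit ip_id values taken from one host's replies."""
    if len(ids) < 3:
        return "insufficient data"
    # Differences modulo 2**16 so a counter that wraps still looks like a counter.
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in deltas):
        return "constant"
    if all(0 < d <= MAX_STEP for d in deltas):
        return "incremental"
    return "no obvious pattern"

# Constructed sample data (not taken from the hosts in the post).
WEAK_ISN = [(40000, 80, 0x1A2B3C4D), (40001, 80, 0x2222AAAA),
            (40000, 80, 0x1A2B3C4D), (40001, 80, 0x2222AAAA)]
GOOD_ISN = [(40000, 80, 0x1A2B3C4D), (40000, 80, 0x9F00117E),
            (40001, 80, 0x2222AAAA), (40001, 80, 0x5D0C4410)]
COUNTER_IDS = [65530, 65531, 65533, 65535, 2, 3]    # wraps past 65535
SCATTERED_IDS = [51234, 812, 40977, 23001, 60110, 1999]

if __name__ == "__main__":
    print("ISN tied to ports (weak sample):", isn_depends_only_on_ports(WEAK_ISN))
    print("ISN tied to ports (good sample):", isn_depends_only_on_ports(GOOD_ISN))
    print("ip_id (counter sample):  ", ip_id_pattern(COUNTER_IDS))
    print("ip_id (scattered sample):", ip_id_pattern(SCATTERED_IDS))
```

Running the same check against hosts built with and without the suspected option, using identical probes, shows whether the result follows the option or the scanner's sampling.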