Improve the random generation of TCP sequence numbers.
wes-jmagasrevy opened this issue · 0 comments
wes-jmagasrevy commented
We need to strengthen the security of Cs/NET, particularly when generating initial sequence numbers (ISNs). We follow RFC 793 but we should try to adhere to RFC 6528 from 2012, which describes an algorithm that consists of a random source (secret key) generated by the concatenation of the (source_ip, source_port, remote_ip, remote_port) four-tuple and feeding it to a hashing function (e.g. MD5).