I dont belive this is been given enough distribution. Under HP-UX you can
configure it to use random TCP sequence numbers by setting the
tcp_random_seq variable. The values are:

   0 - old behavior (default)
   1 - rand(3) bahavior
   2 - rand48(3) behhavior

The seed value for the rand*() functions is based on the time when
tcp_init() (or nettune) is called, so dont make your uptime public
(i.e. rstatd).

Under 10.X use nettune to set tcp_random_seq. Under 9.X you will have to
use the debuger, and then reboot.

   echo "tcp_random_seq?W 2" | adb -w /hp-ux
----------------------------------------------------------------------------



>I dont belive this is been given enough distribution. Under HP-UX you can
>configure it to use random TCP sequence numbers by setting the
>tcp_random_seq variable. The values are:
>
>   0 - old behavior (default)
>   1 - rand(3) bahavior
>   2 - rand48(3) behhavior
>
>The seed value for the rand*() functions is based on the time when
>tcp_init() (or nettune) is called, so dont make your uptime public
>(i.e. rstatd).
>

Solaris 2.x has a similar option.

ndd -set /dev/tcp tcp_string_iss <value>

It accepts three values (2 in 2.5*)

        0 - old behaviour
        1 - using random(3) [default]
        2 - new in 2.6., RFC 1948 support
            The password for this is set from root's /etc/shadow entry
            using ndd -set /dev/tcp tcp_1948_phrase <shadow field>

The method to set this in 2.6 is editing /etc/default/inetinit and add
TCP_STRONG_ISS=2

If you have lots of clients with the same encrypted root password, you'd
want to find another way of setting the tcp_1948_phrase

----------------------------------------------------------------------------