[e2e] Comments requested on initial sequence number generation algorithm

[Mike Silbersack]

Hello, members of end2end.  I recently proposed a (new?) tcp initial
sequence number generation scheme for FreeBSD, and have been asked to seek
comment from a variety of sources.  Hence, I'm here to seek commentary
from the members of this list.

What I'm primarily interested in at this time is commentary on the
security provided by this method.  While efficiency and implemenation
issues are important, I'm requesting that discussion on those is held off
a few days until the security implications have been discussed.

Here is a simplification of the algorithm:

We have a linked list which stores two pieces of data per entry:  An IP
address, and an initial sequence number.

When a connection to or from a host is made, a lookup is done on the list.
If the host is not in the list, it will be added to the list, and the
associated initial sequence number will be initialized to a random value.

After this is complete (and during the setup of every future connection),
a random positive increment with a maximum value of 2^20 will be added to
the initial sequence number.  This incremented value will be stored and
used in the setting up the current connection.

Entries will remain in the linked list until at least 2*MSL past the time
the last connection to the host closes.

Provided that the random number generator used is good, I believe that
this method will provide excellent security while still ensuring
monotonicity.  A spoofing attack should be virtually impossible, as each
host's sequence space is completely independent of all others.

Any commentary is greatly appreciated.

Thanks,

Mike "Silby" Silbersack