How to Specify a Strong Random Number for Initial TCP Connection - Securing the Network in Oracle® Solaris 11.2

Securing the Network in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Securing the Network in Oracle^® ... » Tuning Your Network » Tuning the Network » How to Specify a Strong Random Number for ...

Updated: August 2014

Securing the Network in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Using Link Protection in Virtualized Environments

Chapter 2 Tuning Your Network

Tuning the Network

How to Disable the Network Routing Daemon

How to Disable Broadcast Packet Forwarding

How to Disable Responses to Echo Requests

How to Set Strict Multihoming

How to Set Maximum Number of Incomplete TCP Connections

How to Set Maximum Number of Pending TCP Connections

How to Specify a Strong Random Number for Initial TCP Connection

How to Prevent ICMP Redirects

How to Reset Network Parameters to Secure Values

Chapter 3 Web Servers and the Secure Sockets Layer Protocol

Chapter 4 About IP Filter in Oracle Solaris

Chapter 5 Configuring IP Filter

Chapter 6 About IP Security Architecture

Chapter 7 Configuring IPsec

Chapter 8 About Internet Key Exchange

Chapter 9 Configuring IKEv2

Chapter 10 Configuring IKEv1

Chapter 11 Troubleshooting IPsec and Its Key Management Services

Chapter 12 IPsec and Key Management Reference

Network Security Glossary

Language:

How to Specify a Strong Random Number for Initial TCP Connection

This procedure ensures that the TCP initial sequence number generation parameter complies with RFC 6528.

Before You Begin

You must become an administrator who is assigned the solaris.admin.edit/etc.default/inetinit authorization. By default, the root role has this authorization. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

Verify that the default value for the TCP_STRONG_ISS variable is 2.

# grep TCP_STRONG /etc/default/inetinit
# TCP_STRONG_ISS sets the TCP initial sequence number generation parameters.
# Set TCP_STRONG_ISS to be:
TCP_STRONG_ISS=2

If the value of TCP_STRONG_ISS is not 2, change it to 2.
```
# pfedit /etc/default/inetinit
TCP_STRONG_ISS=2
```
Reboot the system.
```
# /usr/sbin/reboot
```

Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices