Go to main content

Securing the Network in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018
 
 

How to Specify a Strong Random Number for Initial TCP Connection

This procedure ensures that the TCP initial sequence number generation parameter complies with RFC 6528 (http://www.ietf.org/rfc/rfc6528.txt).

Before You Begin

You must become an administrator who is assigned the solaris.admin.edit/etc.default/inetinit authorization. By default, the root role has this authorization. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. Verify that the default value for the TCP_STRONG_ISS variable is 2.
    # grep TCP_STRONG /etc/default/inetinit
    # TCP_STRONG_ISS sets the TCP initial sequence number generation parameters.
    # Set TCP_STRONG_ISS to be:
    TCP_STRONG_ISS=2
  2. If the value of TCP_STRONG_ISS is not 2, change it to 2.
    # pfedit /etc/default/inetinit
    TCP_STRONG_ISS=2
  3. Reboot the system.
    # /usr/sbin/reboot