Securing the Network in Oracle® Solaris 11.3

Updated: April 2019

How to Specify a Strong Random Number for Initial TCP Connection

This procedure ensures that the TCP initial sequence number generation parameter complies with RFC 6528, Defending against Sequence Number Attacks (https://www.rfc-editor.org/info/rfc6528).

Before You Begin

You must become an administrator who is assigned the solaris.admin.edit/etc.default/inetinit authorization. By default, the root role has this authorization. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. Verify that the default value for the TCP_STRONG_ISS variable is 2.
    # grep TCP_STRONG /etc/default/inetinit
    # TCP_STRONG_ISS sets the TCP initial sequence number generation parameters.
    # Set TCP_STRONG_ISS to be:
  2. If the value of TCP_STRONG_ISS is not 2, change it to 2.
    # pfedit /etc/default/inetinit
  3. Reboot the system.
    # /usr/sbin/reboot
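
The check in step 1 can be scripted for auditing. The following is an added example, not part of the Oracle procedure: it reads only the active (uncommented) assignment, because the grep in step 1 also matches comment lines. The function names and the sample file are constructed, and it assumes that the last assignment wins if the variable is set more than once.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit TCP_STRONG_ISS in an
# inetinit-style defaults file. Function names are hypothetical.

# Print the effective value, ignoring comment lines such as the
# "# Set TCP_STRONG_ISS to be:" text that grep also matches.
# Assumption: if the variable is assigned more than once, the last wins.
strong_iss_value() {
    sed -n 's/^[[:space:]]*TCP_STRONG_ISS=\([^[:space:]#]*\).*/\1/p' "$1" |
        tr -d "\"'" | tail -n 1
}

# Exit status: 0 = value is 2, 1 = wrong or missing value, 2 = unreadable.
check_strong_iss() {
    file=${1:-/etc/default/inetinit}
    if [ ! -r "$file" ]; then
        echo "UNKNOWN: cannot read $file"
        return 2
    fi
    value=$(strong_iss_value "$file")
    case $value in
        2)  echo "OK: TCP_STRONG_ISS=2 in $file"; return 0 ;;
        '') echo "FAIL: no active TCP_STRONG_ISS assignment in $file"; return 1 ;;
        *)  echo "FAIL: TCP_STRONG_ISS=$value in $file, expected 2"; return 1 ;;
    esac
}

# Constructed sample: the correct value appears only in a comment,
# while the active assignment is 1.
sample=$(mktemp)
printf '%s\n' '# Set TCP_STRONG_ISS to be:' '#TCP_STRONG_ISS=2' \
    'TCP_STRONG_ISS=1' > "$sample"
check_strong_iss "$sample" || echo "Set the value to 2 with pfedit, then reboot."
rm -f "$sample"
```

A passing result describes the file only; a changed value takes effect after the reboot in step 3.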