Over a year ago, I published a whitepaper titled
“Strange Attractors and TCP/IP Sequence Number Analysis” –
an attempt to evaluate TCP/IP sequence number generators in several
mainstream operating systems by mapping the dynamics of the generated
sequence numbers into a three-dimensional phase space. We demonstrated how
this approach can be used to find many non-trivial correlation,
and discussed why the results can be directly used to perform actual
This research, among with the research from Guardent, resulted in the release of
CERT Advisory CA-2001-09
and several vendor bulletins.
The goal of this follow-up is to evaluate any subsequent security measures
implemented by the vendors in this field since the release of the original
publication, and to evalute several systems that were not covered earlier.
For the purpose of this document, we assume that the reader has read the
original publication, and has an understanding of the methodology and
Please note that the presented results are preliminary and should not be
considered as a reliable metric for comparing the relative strength of
the operating systems ISN generators at this time.