Marwan ALshawi Thu, 09/04/2008 - 00:41

Hi Carl

By default, when the firewall creates new outbound TCP connections, it assigns a randomized TCP initial sequence number (ISN). This is useful to prevent outside users from being able to predict or guess the sequence number and hijack a connection.

Normally, hosts provide their own random ISNs when they initiate new TCP connections. However, the TCP/IP protocol stack in some operating systems has a weak implementation of this, allowing the ISN to be predicted. The firewall maintains the original ISN for use with the originating host and overwrites this value for use with the destination host. Therefore, neither the originating nor target host is aware that the ISN has been altered or further randomized.

If helpful, rate
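The translation the post describes (inside host keeps its own ISN, outside host sees a randomized one, acknowledgements mapped back) as an added simulation; this is example code, not from the post or from any Cisco product, and the flow key, the sequential "weak" ISNs and the injectable `rng` are constructed for illustration.

```python
"""Simulation of a stateful firewall randomizing the ISN of outbound TCP
connections (added example; not code from the post or from Cisco ASA)."""
import secrets

MOD = 1 << 32                  # TCP sequence numbers are 32-bit, mod 2^32


class IsnRandomizer:
    """Per-flow sequence-number translation as the post describes it: the
    inside host keeps its own ISN, the outside host sees a random one."""

    def __init__(self, rng=secrets.randbelow):
        self._offset = {}      # flow -> offset added to inside->outside seq
        self._rng = rng        # injectable for testing; default is a CSPRNG

    def outbound_seq(self, flow, seq, syn=False):
        """Inside -> outside: pick the offset on the SYN, then rewrite seq
        on every segment of the flow so the outside sees a shifted space."""
        if syn:
            self._offset[flow] = self._rng(MOD)
        return (seq + self._offset[flow]) % MOD

    def inbound_ack(self, flow, ack):
        """Outside -> inside: undo the offset on the ACK number so the
        originating host is acknowledged in its own, unaltered space."""
        return (ack - self._offset[flow]) % MOD


def simulate_handshake(client_isn, rng=secrets.randbelow):
    """Run SYN / SYN-ACK through the firewall and return
    (ISN the server saw, ACK the client received)."""
    fw = IsnRandomizer(rng)
    flow = ("10.0.0.5", 40000, "192.0.2.10", 443)   # constructed flow key
    seen_by_server = fw.outbound_seq(flow, client_isn, syn=True)
    server_ack = (seen_by_server + 1) % MOD          # server ACKs ISN+1
    return seen_by_server, fw.inbound_ack(flow, server_ack)


if __name__ == "__main__":
    # A weak stack handing out sequential ISNs (1000, 1064, ...) still
    # presents unrelated values to the outside once randomized, while
    # the ACK it gets back is always its own ISN+1.
    for weak_isn in (1000, 1064, 1128):
        outside, back = simulate_handshake(weak_isn)
        assert back == weak_isn + 1
        print(f"inside ISN {weak_isn:>10} -> outside sees {outside:>10}")
```

The modular arithmetic matters: an offset that pushes the sequence past 2^32 must wrap on the way out and unwrap on the way back, or the inside host sees acknowledgements for bytes it never sent.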
