Why does the Selective-ACK-Permitted option is enabled by default?

Unanswered Question
Jan 28th, 2010


On FWSM running 3.2 OS, the sysopt connectione tcp sack-permitted is enabled by default.  Because of the tcp randomization that is enabled too by default the tcp selective acknowledge feature is not usefull.  I'm planning too disable the tcp-sack using the no sysopt command.  Usually, OS default configuration are consistant.  Am I missing something here?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kureli Sankar Thu, 01/28/2010 - 06:32

Yes it is enabled by default.


Command Default

This command is enabled by default, and the Selective-ACK-Permitted option remains intact.

This is a security feature so, it is enabled by default.  You can turn it off by adding the keyword "norandomseq" in the tail end of the static command as well.



This Discussion