You're nmap'ing from inside, right? Nobody from outside should be able to connect to the Sonicwall at all. Sequence numbers for connections *across* the NAT depend on the endpoint hosts, not the NAT box. So this is a risk only if you have enemies already inside your house. Barney Wolff On Wed, Jul 25, 2001 at 05:17:28PM -0600, Dan Ferris wrote: > This may not seem bad, but to me it seems that this defeats the point of NAT > if somebody can steal your sessions. Note the section on TCP sequence > prediction. This was a Sonicwall SOHO firewall. > > ======= > Host (192.168.1.254) appears to be up ... good. > Initiating SYN half-open stealth scan against (192.168.1.254) > Adding TCP port 80 (state open). > The SYN scan took 8 seconds to scan 1523 ports. > For OSScan assuming that port 80 is open and port 1 is closed and neither > are firewalled > Interesting ports on (192.168.1.254): > (The 1518 ports scanned but not shown below are in state: closed) > Port State Service > 23/tcp filtered telnet > 67/tcp filtered bootps > 80/tcp open http > 137/tcp filtered netbios-ns > 514/tcp filtered shell > > TCP Sequence Prediction: Class=64K rule > Difficulty=1 (Trivial joke)