Always starting with TCP sequence number 1 is a bad thing. It makes it easy 
for a hacker to guess what the sequence number is and insert himself into a 
connection establishment.

So PIX and other firewalls let you randomize the starting sequence number 
for TCP implementations that don't already do this.

Priscilla

At 02:48 AM 9/6/01, Anatoly Shein wrote:
>Hi
>I encountered a strange situation.
>Probably one of you can help, or has heard about something similar.
>
>Problem description:
>There is a Sun machine connected to a pair of Cisco PIX 525s.
>On the Sun there is software that sends TCP SYN probe packets
>with a sequence number that starts at 1 and increments for each packet.
>Packets are sent at a rate of one every 50 milliseconds.
>When a packet crosses the router, the sequence number is changed.
>This change is consistent for one set of packets but is not
>for a subsequent set of packets.
>
>for example :
>before cisco            after cisco
>1. TCP syn seq = 1      seq = 1 + x
>2. TCP syn seq = 2      seq = 2 + x
>3. TCP syn seq = 3      seq = 3 + x
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


________________________

Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18914&t=18764
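To make the two points in this thread concrete (why a host that always starts at sequence number 1 is guessable, and why a firewall that randomizes the ISN shows up as a fixed offset x within one connection but a different x for the next), here is an added Python model. It is not code from the original posts, from Cisco, or from the PIX; the class names, the per-connection key, and the choice of a 32-bit additive offset are assumptions made for illustration.

```python
import random
import secrets

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap


class PredictableIsn:
    """Host behaviour described in the post: ISNs 1, 2, 3, ... one per connection."""

    def __init__(self):
        self.next_isn = 1

    def new_connection(self):
        isn = self.next_isn
        self.next_isn += 1
        return isn


def predict_next_isn(observed):
    """Attacker's view: from ISNs seen on earlier connections, guess the next one.

    Any constant increment (here +1) is enough; two samples give the step.
    Returns None if there is too little to go on.
    """
    if len(observed) < 2:
        return None
    step = (observed[-1] - observed[-2]) & MASK32
    return (observed[-1] + step) & MASK32


class IsnRandomizer:
    """Assumed model of firewall ISN randomization (not the PIX implementation).

    For each new connection, identified by (src, sport, dst, dport), draw a random
    32-bit offset x. Add x to the initiator's sequence numbers on the way out, and
    subtract x from the responder's acknowledgement numbers on the way back so the
    inside host never notices. The offset must stay fixed for the life of the
    connection, which is why a capture shows seq = 1 + x, 2 + x, 3 + x for one
    connection and a different x for the next.
    """

    def __init__(self, randbits=secrets.randbits):
        self.offsets = {}
        self.randbits = randbits  # injectable for deterministic demonstrations

    def outbound(self, key, seq):
        if key not in self.offsets:
            self.offsets[key] = self.randbits(32)
        return (seq + self.offsets[key]) & MASK32

    def inbound_ack(self, key, ack):
        return (ack - self.offsets[key]) & MASK32


def walk_through(seed=7):
    """Run both sides of the story with a seeded RNG and return the observations."""
    host = PredictableIsn()
    seen = [host.new_connection() for _ in range(3)]  # constructed: 1, 2, 3
    guessed = predict_next_isn(seen)                    # attacker predicts 4
    actual = host.new_connection()

    fw = IsnRandomizer(randbits=random.Random(seed).getrandbits)
    conn_a = ("10.0.0.5", 40000, "192.0.2.1", 80)       # constructed flow keys
    conn_b = ("10.0.0.5", 40001, "192.0.2.1", 80)
    # Three segments of connection A, as in the "before cisco / after cisco" table.
    after_a = [fw.outbound(conn_a, s) for s in (1, 2, 3)]
    # Responder acknowledges the rewritten ISN + 1; the firewall un-shifts it.
    ack_seen_inside = fw.inbound_ack(conn_a, (after_a[0] + 1) & MASK32)
    after_b = fw.outbound(conn_b, 1)

    return {
        "predictable_guess_correct": guessed == actual,
        "offset_consistent_within_connection": [(v - 1 - i) & MASK32 for i, v in enumerate(after_a)],
        "ack_unshifted": ack_seen_inside,
        "offset_a": fw.offsets[conn_a],
        "offset_b": fw.offsets[conn_b],
    }


if __name__ == "__main__":
    for k, v in walk_through().items():
        print(f"{k}: {v}")
```

The attacker's predictor needs only two earlier ISNs; the randomizer defeats it because the offset is chosen per connection and never reused, while the inside host keeps seeing its own 1, 2, 3 on returning ACKs. In a real deployment the offset also has to be applied to every later segment, SACK block and ACK of the connection, not just the SYN, which is what the firewall's connection table is for.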