It would seem that it would be fairly easy to determine through documentation; if the IP Stack was altered between the two kernels. The ISN calculation algorithm should be well documented.
I would refer your question to some of the people more familiar with AF_INET and the Linux IP Stack composition. Thomas Jones David Lambert wrote: > I just upgraded my system from Linux 2.4.18 to 2.4.19 and noticed that > the nessus scan produced the following security hole. Reverting to the > 2.4.18 kernel removed this message. Does anyone have an opinion on > whether this a valid concern or a false positive? > > Thanks in advance for any suggestions. > > Dave. > > . Vulnerability found on port general/tcp : > > > > The remote host seems to generate Initial Sequence Numbers > (ISN) in a weak maner which seems to solely depend > on the source and dest port of the TCP packets. > > The Raptor Firewall is known to be vulnerable to this flaw, > as may others be. > > An attacker may use this flaw to establish spoofed connections > to the remote host. > > > Solution : If you are using a Raptor Firewall, see > > http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html > > or else contact your vendor for a patch > > Risk factor : High > > > > - > [EMAIL PROTECTED]: general discussions about Nessus. > * To unsubscribe, send a mail to [EMAIL PROTECTED] with > "unsubscribe nessus" in the body. > > - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
