https://community.cisco.com/t5/network-security/random-sequence-number/m-p/1111395#M913545 <P>Hi all, I know the asa randomizes the tcp sequence number, what is the beneift of this ?</P> Mon, 11 Mar 2019 13:39:27 GMT carl_townshend 2019-03-11T13:39:27Z https://community.cisco.com/t5/network-security/random-sequence-number/m-p/1111395#M913545 <P>Hi all, I know the asa randomizes the tcp sequence number, what is the beneift of this ?</P> Mon, 11 Mar 2019 13:39:27 GMT https://community.cisco.com/t5/network-security/random-sequence-number/m-p/1111395#M913545 carl_townshend 2019-03-11T13:39:27Z https://community.cisco.com/t5/network-security/random-sequence-number/m-p/1111396#M913547 <HTML><HEAD></HEAD><BODY><P>Hi Carl</P><P></P><P>By default, when the firewall creates new outbound TCP connections, it assigns a randomized</P><P>TCP initial sequence number (ISN). This is useful to prevent outside users from being able to</P><P>predict or guess the sequence number and hijack a connection.</P><P>Normally, hosts provide their own random ISNs when they initiate new TCP connections.</P><P>However, the TCP/IP protocol stack in some operating systems has a weak implementation of</P><P>this, allowing the ISN to be predicted. The firewall maintains the original ISN for use with the</P><P>originating host and overwrites this value for use with the destination host. Therefore, neither the</P><P>originating nor target host is aware that the ISN has been altered or further randomized</P><P></P><P>If helpful Rate</P></BODY></HTML> Thu, 04 Sep 2008 07:41:05 GMT https://community.cisco.com/t5/network-security/random-sequence-number/m-p/1111396#M913547 Marwan ALshawi 2008-09-04T07:41:05Z