11-02-2011 02:34 PM - edited 03-11-2019 02:45 PM
I have a server that has an old kernel that is vulnerable to a security weakness related to TCP sequence number generation. This is now put behind a Cisco ASA 5510 and statically mapped to an external IP. Will the Cisco ASA intercept the traffic and regenerate randomized sequence numbers on behalf of the server?
Thanks
Eppie
11-02-2011 02:59 PM
Is this under the feature of Sequence Number Randomization (SNR) of the ASA?
11-02-2011 03:30 PM
Hi Eppie,
That is correct: the ASA, as part of the security mechanisms and the stateful firewall algorithm, will randomize the sequence number.
This option can be enabled by host also. By default, it is being done for all of the internal hosts.
Mike
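What the randomization described in the answer above does to the sequence numbers an outside host sees, as a simplified model added here (not Cisco's implementation and not part of the original thread). The class names, the fixed 64000 ISN step and the addresses are constructed assumptions for illustration.

```python
import secrets

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class WeakServer:
    """Constructed stand-in for an old stack: ISN grows by a fixed step per connection."""
    def __init__(self, start=1000, step=64000):
        self.isn, self.step = start, step

    def next_isn(self):
        self.isn = (self.isn + self.step) % MOD
        return self.isn


class SeqRandomizer:
    """Simplified model: one random offset per connection, applied in both directions."""
    def __init__(self):
        self.offsets = {}

    def server_to_client(self, flow, seq, syn=False):
        if syn:  # new connection: choose a fresh unpredictable offset
            self.offsets[flow] = secrets.randbelow(MOD)
        return (seq + self.offsets[flow]) % MOD

    def client_to_server(self, flow, ack):
        # The client acknowledges the rewritten numbers; map them back for the server.
        return (ack - self.offsets[flow]) % MOD


def demo(connections=5):
    server, fw = WeakServer(), SeqRandomizer()
    real, seen = [], []
    for port in range(40000, 40000 + connections):
        flow = ("198.51.100.7", port, "203.0.113.10", 80)  # constructed addresses
        isn = server.next_isn()
        wire_isn = fw.server_to_client(flow, isn, syn=True)
        # Client ACKs wire_isn + 1; the server must see its own isn + 1.
        assert fw.client_to_server(flow, (wire_isn + 1) % MOD) == (isn + 1) % MOD
        real.append(isn)
        seen.append(wire_isn)
    deltas = lambda xs: [(b - a) % MOD for a, b in zip(xs, xs[1:])]
    return deltas(real), deltas(seen)


if __name__ == "__main__":
    real_d, seen_d = demo()
    print("server ISN deltas:", real_d)   # constant step, predictable
    print("on-wire ISN deltas:", seen_d)  # no usable pattern after rewriting
```

The server's own ISNs still advance by a constant step, but the values on the outside of the firewall do not, while the connection keeps working because acknowledgements are mapped back.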