Hi Carl
By default, when the firewall creates new outbound TCP connections, it assigns a randomized
TCP initial sequence number (ISN). This is useful to prevent outside users from being able to
predict or guess the sequence number and hijack a connection.
Normally, hosts provide their own random ISNs when they initiate new TCP connections.
However, the TCP/IP protocol stack in some operating systems has a weak implementation of
this, allowing the ISN to be predicted. The firewall maintains the original ISN for use with the
originating host and overwrites this value for use with the destination host. Therefore, neither the
originating nor target host is aware that the ISN has been altered or further randomized.
If helpful Rate
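
The ISN rewriting described in the post above, sketched as an added example that is not part of the original post and not the firewall's own code. It assumes the firewall keeps a per-connection offset between the host's ISN and the randomized one; the class name, flow tuple and addresses are constructed for illustration.

```python
import secrets

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


class IsnRandomizer:
    """Toy model of per-connection ISN rewriting on an in-path firewall."""

    def __init__(self):
        # (src, sport, dst, dport) -> offset added to outbound sequence numbers
        self.delta = {}

    def outbound(self, flow, seq, syn=False, new_isn=None):
        """Inside host -> outside host: rewrite the sequence number."""
        if syn:
            # Pick an unpredictable ISN for the wire and remember how far it
            # is from the ISN the inside host chose (assumed offset scheme).
            if new_isn is None:
                new_isn = secrets.randbits(32)
            self.delta[flow] = (new_isn - seq) % MOD
        return (seq + self.delta[flow]) % MOD

    def inbound(self, flow, ack):
        """Outside host -> inside host: map the ACK back to host numbering."""
        return (ack - self.delta[flow]) % MOD


def demo():
    fw = IsnRandomizer()
    flow = ("10.0.0.5", 40000, "203.0.113.10", 443)  # constructed addresses
    host_isn = 1000  # constructed: a weak, guessable ISN from the inside host
    wire_isn = fw.outbound(flow, host_isn, syn=True)
    # The destination acknowledges wire_isn + 1; the inside host must see
    # host_isn + 1, so it never learns its ISN was replaced.
    ack_seen_by_host = fw.inbound(flow, (wire_isn + 1) % MOD)
    # A later segment 500 bytes into the stream uses the same offset.
    wire_data_seq = fw.outbound(flow, host_isn + 1 + 500)
    return host_isn, wire_isn, ack_seen_by_host, wire_data_seq


if __name__ == "__main__":
    print(demo())
```

Each side only ever sees its own numbering, which is why neither host notices the change; anything that carries sequence numbers outside the main header fields would need the same offset applied.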