PIX Question

rewindrewind Member Posts: 40 ■■□□□□□□□□
Can anybody explaing how the TCP random sequence number change that the Pix does actually prevents session hijacking? From what I gather, all this does is change the seq number in the original packet to a different random seq number in the translated packet.

Thanks!

Comments

  • darkuserdarkuser Member Posts: 621
    the normal tcp sequence number is predictable
    the pix randomizes it so it's not predictable
    this is transparent to the two parties participating in the 3 way handshake.
    rm -rf /
  • rewindrewind Member Posts: 40 ■■□□□□□□□□
    darkuser wrote:
    the normal tcp sequence number is predictable
    the pix randomizes it so it's not predictable
    this is transparent to the two parties participating in the 3 way handshake.

    Thanks for responding! How is the original tcp sequence number predictable? I thought that it was choosen at random by the host for each new session?
  • tierstentiersten Member Posts: 4,505
    Old TCP stacks used a timer to generate the ISN. This was predictable so most new TCP stacks have changed over to randomizing the ISN. They will randomize the increment as well.

    The PIX can do this or the actual device behind the PIX can do it. If the device is already doing it then you should disable it on the PIX. The PIX will have to do more work as it needs to keep track of more things.
  • rewindrewind Member Posts: 40 ■■□□□□□□□□
    tiersten wrote:
    Old TCP stacks used a timer to generate the ISN. This was predictable so most new TCP stacks have changed over to randomizing the ISN. They will randomize the increment as well.

    The PIX can do this or the actual device behind the PIX can do it. If the device is already doing it then you should disable it on the PIX. The PIX will have to do more work as it needs to keep track of more things.


    Good to know. Thanks! :)
Sign In or Register to comment.