
PIX Question

rewind Member Posts: 40
Can anybody explain how the TCP random sequence number change that the PIX does actually prevents session hijacking? From what I gather, all this does is change the seq number in the original packet to a different random seq number in the translated packet.

Thanks!

Comments

  • darkuser Member Posts: 620
    The normal TCP sequence number is predictable.
    The PIX randomizes it so it's not predictable.
    This is transparent to the two parties participating in the 3-way handshake.
    rm -rf /
  • rewind Member Posts: 40
    darkuser wrote:
    The normal TCP sequence number is predictable.
    The PIX randomizes it so it's not predictable.
    This is transparent to the two parties participating in the 3-way handshake.

    Thanks for responding! How is the original TCP sequence number predictable? I thought that it was chosen at random by the host for each new session?
  • tiersten Member Posts: 4,505
    Old TCP stacks used a timer to generate the ISN. This was predictable so most new TCP stacks have changed over to randomizing the ISN. They will randomize the increment as well.

    The PIX can do this or the actual device behind the PIX can do it. If the device is already doing it then you should disable it on the PIX. The PIX will have to do more work as it needs to keep track of more things.
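    To make the two answers above concrete, here is a small model (added here as an example; it is not Cisco code and not something from this thread) of both points: an RFC 793-style timer-driven ISN that an observer can predict exactly from one earlier value, and a per-flow randomizer that does what the PIX does, i.e. adds a random offset to the inside host's sequence numbers on the way out and subtracts the same offset from the peer's ACK numbers on the way back in, so both endpoints still see a consistent handshake. All names (`Segment`, `SeqRandomizer`, `handshake`) and the 4-microsecond clock rate are assumptions for illustration, not a description of the PIX internals.

```python
"""Model of TCP ISN predictability and of a middlebox that randomizes the ISN.
Added example, not Cisco's code. The clock rate and all class/function names
are assumptions for illustration."""
import secrets
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence numbers are 32-bit, all arithmetic wraps


def timer_isn(clock_us: int) -> int:
    """Old-style ISN: RFC 793 suggested a counter that ticks every 4 microseconds.
    The value depends only on the clock, so it is fully deterministic."""
    return (clock_us // 4) % MOD


def predict_timer_isn(observed_isn: int, elapsed_us: int) -> int:
    """What anyone who saw one ISN can compute for a connection opened
    elapsed_us later: this is why the timer scheme is considered predictable."""
    return (observed_isn + elapsed_us // 4) % MOD


@dataclass
class Segment:
    seq: int
    ack: int
    flags: str  # constructed label: "SYN", "SYN-ACK", "ACK"


class SeqRandomizer:
    """Per-flow state a firewall keeps for one inside->outside connection.
    A random 32-bit offset is chosen when the inside host's SYN is first seen;
    outbound SEQ gets the offset added, inbound ACK gets it subtracted."""

    def __init__(self, rng=secrets.randbelow):
        self.offset = None  # unknown until the first outbound SYN
        self._rng = rng     # injectable so the behaviour can be tested deterministically

    def outbound(self, seg: Segment) -> Segment:
        if self.offset is None:
            self.offset = self._rng(MOD)
        return Segment((seg.seq + self.offset) % MOD, seg.ack, seg.flags)

    def inbound(self, seg: Segment) -> Segment:
        # The peer's ACK refers to the randomized space; map it back for the inside host.
        return Segment(seg.seq, (seg.ack - self.offset) % MOD, seg.flags)


def handshake(inside_isn: int, peer_isn: int, fw: SeqRandomizer) -> dict:
    """Run a 3-way handshake through the firewall and report what each side saw.
    Consistency means: the inside host gets an ACK of inside_isn + 1 and the
    peer gets an ACK segment whose SEQ is (the ISN it saw) + 1."""
    syn = Segment(inside_isn, 0, "SYN")
    syn_on_wire = fw.outbound(syn)                       # what the outside peer receives
    synack = Segment(peer_isn, (syn_on_wire.seq + 1) % MOD, "SYN-ACK")
    synack_inside = fw.inbound(synack)                   # what the inside host receives
    ack = Segment((inside_isn + 1) % MOD, (peer_isn + 1) % MOD, "ACK")
    ack_on_wire = fw.outbound(ack)
    return {
        "inside_sent_isn": inside_isn,
        "peer_saw_isn": syn_on_wire.seq,        # differs from inside_sent_isn by the offset
        "inside_got_ack": synack_inside.ack,    # must equal inside_isn + 1
        "peer_got_ack_for": ack_on_wire.seq,    # must equal peer_saw_isn + 1
        "peer_got_ack": ack_on_wire.ack,        # must equal peer_isn + 1
    }


if __name__ == "__main__":
    # Predictability of the timer scheme: one observation, exact prediction.
    first = timer_isn(8_000)
    print("predicted:", predict_timer_isn(first, 4_000), "actual:", timer_isn(12_000))
    # Transparency of the randomizer: both ends agree even though the wire ISN changed.
    print(handshake(1000, 500_000, SeqRandomizer()))
```

    The point the firewall has to "keep track of" (tiersten's last sentence) is the `offset` kept per flow: every later data segment in that direction needs the same rewrite of SEQ one way and ACK the other, which is the extra state and work a PIX takes on when randomization is left enabled for a host that already picks good ISNs itself.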
  • rewind Member Posts: 40
    tiersten wrote:
    Old TCP stacks used a timer to generate the ISN. This was predictable so most new TCP stacks have changed over to randomizing the ISN. They will randomize the increment as well.

    The PIX can do this or the actual device behind the PIX can do it. If the device is already doing it then you should disable it on the PIX. The PIX will have to do more work as it needs to keep track of more things.
    Good to know. Thanks! :)