TCP/IP Initial Sequence Number (ISN) Reuse Weakness
High Nessus Plugin ID 11057
SynopsisThe remote device seems to generate predictable TCP Initial Sequence Numbers.
DescriptionThe remote host seems to generate Initial Sequence Numbers (ISN) in a weak manner which seems to solely depend on the source and dest port of the TCP packets.
An attacker may exploit this flaw to establish spoofed connections to the remote host.
The Raptor Firewall and Novell NetWare are known to be vulnerable to this flaw, although other network devices may be vulnerable as well.
SolutionIf you are using a Raptor Firewall, install the TCP security hotfix described in Symantec's advisory. Otherwise, contact your vendor for a patch.