TCP/IP Initial Sequence Number (ISN) Reuse Weakness

High Nessus Plugin ID 11057


The remote device seems to generate predictable TCP Initial Sequence Numbers.


The remote host seems to generate Initial Sequence Numbers (ISN) in a weak manner which seems to solely depend on the source and dest port of the TCP packets.

An attacker may exploit this flaw to establish spoofed connections to the remote host.

The Raptor Firewall and Novell NetWare are known to be vulnerable to this flaw, although other network devices may be vulnerable as well.


If you are using a Raptor Firewall, install the TCP security hotfix described in Symantec's advisory. Otherwise, contact your vendor for a patch.

See Also

Plugin Details

Severity: High

ID: 11057

File Name: raptor_isn.nasl

Version: $Revision: 1.33 $

Type: remote

Family: General

Published: 2002/08/02

Modified: 2016/11/17

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Required KB Items: Settings/ThoroughTests

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1995/01/01

Reference Information

CVE: CVE-2002-1463

BID: 5387, 8652

OSVDB: 199