VULHUB ™

Over the past several years, a variety of attacks against TCP initial sequence number (ISN) generation have been discussed. A vulnerability exists in some TCP/IP stack implementations that use random increments for initial sequence numbers. Such implementations are vulnerable to statistical attack, which could allow an attacker to predict, within a reasonable range, sequence numbers of future and existing connections. By predicting a sequence number, several attacks could be performed; an attacker could disrupt or hijack existing connections, or spoof future connections.

Over the past several years, a variety of attacks against TCP initial sequence number (ISN) generation have been discussed. A vulnerability exists in some TCP/IP stack implementations that use random increments for initial sequence numbers. Such implementations are vulnerable to statistical attack, which could allow an attacker to predict, within a reasonable range, sequence numbers of future and existing connections. By predicting a sequence number, several attacks could be performed; an attacker could disrupt or hijack existing connections, or spoof future connections.