TMS zl Management and Configuration Guide ST.1.1.100226

4-108
Firewall
Attack Checking
Figure 4-71. Session Hijacked with Sequence Number Prediction
If an attacker successfully guesses an ISN, the attacker may feasibly access your full network. Therefore, it is important that the ISN be generated randomly, making it significantly harder to guess. When the sequence-number-prediction attack check is enabled, the TMS zl Module will generate pseudo-random ISNs.
Note: This attack is sometimes called a TCP sequence-prediction attack, but we will refer to it only as a sequence number prediction attack.
Protection against the sequence number prediction attack applies only to traffic that originates from the External zone.
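The following is an added example, not code from the guide or from the TMS zl Module itself. It contrasts a legacy counter-based ISN source (predictable by design, shown only to illustrate the weakness) with an RFC 6528-style generator that adds a keyed hash of the connection 4-tuple to a clock term, and includes a crude audit that flags an ISN series whose successive differences mostly repeat. The use of HMAC-SHA256 as the hash, the class and function names, and the sample addresses are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

ISN_MOD = 1 << 32  # TCP sequence numbers are 32-bit


class CounterIsnGenerator:
    """Legacy-style ISN source: one global counter bumped by a fixed step for
    every new connection. Constructed to show the weakness; it is not the
    TMS zl Module's algorithm."""

    def __init__(self, start=0, step=64_000):
        self.counter = start
        self.step = step

    def next_isn(self, local_ip, local_port, remote_ip, remote_port):
        isn = self.counter % ISN_MOD
        self.counter += self.step
        return isn


class HashedIsnGenerator:
    """RFC 6528-style ISN: a 4-microsecond clock term plus a keyed hash of the
    connection 4-tuple. HMAC-SHA256 is an assumption of this example (RFC 6528
    itself used MD5); any secure keyed hash serves the same purpose."""

    def __init__(self, secret=None, clock=None):
        self.secret = secret if secret is not None else secrets.token_bytes(32)
        # Default clock: monotonic time in 4 µs ticks, as RFC 6528 specifies.
        self.clock = clock if clock is not None else (
            lambda: int(time.monotonic() * 250_000))

    def next_isn(self, local_ip, local_port, remote_ip, remote_port):
        tuple_bytes = f"{local_ip}:{local_port}>{remote_ip}:{remote_port}".encode()
        digest = hmac.new(self.secret, tuple_bytes, hashlib.sha256).digest()
        f_term = int.from_bytes(digest[:4], "big")
        return (self.clock() + f_term) % ISN_MOD


def isn_deltas(isns):
    """Differences between successive ISNs, modulo 2^32."""
    return [(b - a) % ISN_MOD for a, b in zip(isns, isns[1:])]


def looks_predictable(isns, min_distinct_fraction=0.5):
    """Crude audit: if most successive deltas repeat, the next ISN can be
    extrapolated from earlier ones. Returns (predictable, distinct_deltas)."""
    deltas = isn_deltas(isns)
    if not deltas:
        raise ValueError("need at least two ISNs")
    distinct = len(set(deltas))
    return distinct / len(deltas) < min_distinct_fraction, distinct


def sample_isns(generator, count, remote_ip="203.0.113.7"):
    """ISNs for `count` consecutive connections from one client that uses a
    fresh ephemeral port each time (constructed sample, not captured traffic)."""
    return [generator.next_isn("192.0.2.10", 443, remote_ip, 40_000 + i)
            for i in range(count)]


if __name__ == "__main__":
    for name, gen in (("counter", CounterIsnGenerator()),
                      ("hashed", HashedIsnGenerator())):
        predictable, distinct = looks_predictable(sample_isns(gen, 20))
        print(f"{name}: {distinct} distinct deltas, predictable={predictable}")
```

The audit is deliberately simple: it only detects a constant or near-constant increment, which is the failure mode the guide describes. A generator that passes it is not thereby proven strong; the point is that the hashed form makes each connection's ISN depend on a secret the observer does not hold, so observing one session's ISN says nothing useful about another's.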
Sequence Number Out of Range
TCP headers include a 16-bit sliding window field that specifies the maximum number of unacknowledged bytes a sender may have outstanding in a session.
Figure 4-72. TCP Sliding Window
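As an added example (not code from the guide or the TMS zl Module), the block below shows the receive-window arithmetic that a sequence-number-out-of-range check rests on: converting the 16-bit window field (with the optional window-scale shift from RFC 7323) into a byte count, and applying the standard RFC 793/9293 segment acceptability test so that a segment is accepted only if its first or last byte lies inside the window. The modular comparison handles the 32-bit sequence space wrapping around, which is the edge case a naive `rcv_nxt <= seq < rcv_nxt + wnd` comparison gets wrong. Function names and the sample segments are assumptions of this example.

```python
SEQ_MOD = 1 << 32  # 32-bit sequence number space


def advertised_window(window_field, wscale_shift=0):
    """Turn the 16-bit window field (plus an optional window-scale shift
    negotiated in the SYN exchange, RFC 7323) into a byte count."""
    if not 0 <= window_field <= 0xFFFF:
        raise ValueError("window field is 16 bits wide")
    return window_field << min(wscale_shift, 14)  # RFC 7323 caps the shift at 14


def _in_window(seq, rcv_nxt, rcv_wnd):
    """Modular test: is `seq` within [rcv_nxt, rcv_nxt + rcv_wnd)? Taking the
    offset modulo 2^32 keeps the comparison correct across a wraparound."""
    return ((seq - rcv_nxt) % SEQ_MOD) < rcv_wnd


def segment_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """RFC 793/9293 acceptability test: a segment is in range if its first or
    its last byte falls inside the receive window, with the special cases for
    zero-length segments and a closed (zero) window."""
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt
        return _in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False
    last = (seg_seq + seg_len - 1) % SEQ_MOD
    return (_in_window(seg_seq, rcv_nxt, rcv_wnd)
            or _in_window(last, rcv_nxt, rcv_wnd))


def check_segments(segments, rcv_nxt, rcv_wnd):
    """Classify (label, seg_seq, seg_len) tuples against one session's receive
    state; returns {label: "in-range" | "out-of-range"}."""
    return {label: ("in-range" if segment_acceptable(seq, length, rcv_nxt, rcv_wnd)
                    else "out-of-range")
            for label, seq, length in segments}


# Constructed sample: a session expecting byte 1000 with a 65535-byte window.
SAMPLE_SEGMENTS = [
    ("next-in-order", 1000, 100),
    ("partial-overlap", 900, 200),      # starts before the window, ends inside it
    ("old-duplicate", 500, 100),
    ("beyond-window", 1000 + 65535, 1),
    ("far-future", 2_000_000_000, 10),  # a spoofed segment with a guessed sequence number lands here
]

if __name__ == "__main__":
    verdicts = check_segments(SAMPLE_SEGMENTS, 1000, advertised_window(0xFFFF))
    for label, verdict in verdicts.items():
        print(f"{label}: {verdict}")
```

Note the two-sided nature of the test: "partial-overlap" is accepted because its tail falls inside the window, while "beyond-window" is rejected even though it starts exactly one byte past the window edge. A stateful firewall that tracks `rcv_nxt` and the advertised window per direction can drop anything the receiver itself would discard, which is what keeps an injected segment with a wrong sequence number from reaching the endpoint.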