
   comp.protocols.tcp-ip      TCP and IP network protocols.      14,669 messages   


   Message 13,132 of 14,669   
   Pascal Hambourg to All   
   Re: sequence number rewrite   
   03 Nov 09 15:26:54   
   
   From: boite-a-spam@plouf.fr.eu.org   
      
   Noah Davids wrote:   
   > Pascal Hambourg wrote:   
   >>   
   >> Noah Davids wrote:   
   >>> Can anyone suggest what type of device would rewrite sequence numbers in   
   >>> a connection?   
   >>   
   >> Stateful firewalls and NAT devices.   
   >   
   > I thought of a NAT device but since the IP addresses and port numbers   
   > are unchanged it didn't seem likely. Are you suggesting that a NAT   
   > device might not rewrite addresses and port numbers?   
      
   I was just making a general answer. Actually the only reason I can see   
   for a NAT device to rewrite sequence numbers is when the NAT operation   
   changes the length of some segments. One example is when the IP address   
   transmitted in the payload of an FTP control connection is translated   
   and the length of its ASCII decimal representation changes.   
      
   > As far as a stateful firewall, I thought of that as well but I couldn't   
   > think of a reason why it would bother to rewrite the sequence numbers   
   > but leave everything else unchanged. Is there a reason?   
      
   There is at least one. Some (presumably older) TCP/IP stacks are known   
   to have an ISN (initial sequence number) generator with poor randomness   
   that is predictable and could be taken advantage of in some attack   
   scenarios. Rewriting the sequence numbers with better randomness helps   
   protect devices using these stacks from such attacks.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
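The two rewrite reasons Pascal gives above (an FTP ALG changing the length of a PORT command, and a stateful firewall substituting a random ISN offset) both force the middlebox to keep per-connection state and translate every later seq and ack. The following is an added toy model of that bookkeeping, written for this archive page; it is not code from any firewall or NAT product, and the names SeqTranslator, rewrite_port_command, the 1000-byte offset and the 10.0.0.5 / 203.0.113.10 addresses are constructed for the illustration.

```python
import random
import re

# Constructed example: minimal model of how a NAT/ALG or stateful firewall
# keeps TCP sequence numbers consistent after rewriting them. Not real code.

MOD = 2 ** 32
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")


def rewrite_port_command(payload, new_ip):
    """FTP ALG step: replace the client's inside address in a PORT command.

    Returns the new payload, or the payload unchanged if it is not a PORT
    line. The ASCII decimal form may be longer or shorter than the original,
    which is exactly what forces sequence-number translation afterwards.
    """
    m = PORT_RE.match(payload)
    if not m:
        return payload
    port_hi, port_lo = m.group(5), m.group(6)
    octets = new_ip.encode().replace(b".", b",")
    return b"PORT " + octets + b"," + port_hi + b"," + port_lo + b"\r\n"


class SeqTranslator:
    """State for one TCP connection, client -> server direction is 'outbound'.

    Reason 1 (stateful firewall): a random per-connection offset is added to
    the client's sequence numbers so a predictable ISN never reaches the
    outside; the server's acks are shifted back by the same amount.
    Reason 2 (NAT/ALG): each payload-length change is remembered and applied
    to every later segment's seq and to the reverse direction's acks.
    """

    def __init__(self, nat_ip, isn_offset=None):
        self.nat_ip = nat_ip
        self.isn_offset = random.randrange(MOD) if isn_offset is None else isn_offset
        # (original seq of the first byte *after* the edited payload, delta)
        self.deltas = []

    def _delta_at(self, orig_seq):
        # cumulative length change that applies at this original seq
        return sum(d for boundary, d in self.deltas if orig_seq >= boundary)

    def outbound(self, seq, payload):
        """Translate a client -> server segment; returns (new_seq, new_payload)."""
        new_payload = rewrite_port_command(payload, self.nat_ip)
        new_seq = (seq + self.isn_offset + self._delta_at(seq)) % MOD
        if len(new_payload) != len(payload):
            # bytes after this segment shift by the length difference
            self.deltas.append((seq + len(payload), len(new_payload) - len(payload)))
        return new_seq, new_payload

    def inbound_ack(self, ack):
        """Map a server -> client ACK number back into the client's space."""
        base = (ack - self.isn_offset) % MOD  # undo the ISN randomisation
        # a boundary in translated (offset-removed) space sits at
        # boundary + cumulative delta up to and including that boundary
        shift = sum(d for boundary, d in self.deltas
                    if base >= boundary + self._delta_at(boundary))
        return (base - shift) % MOD


def demo():
    """Walk one FTP control connection through the translator."""
    t = SeqTranslator("203.0.113.10", isn_offset=1000)  # fixed offset for the demo
    s1 = t.outbound(100, b"USER anonymous\r\n")          # 16 bytes, untouched
    s2 = t.outbound(116, b"PORT 10,0,0,5,4,1\r\n")       # 19 bytes -> 23 bytes
    s3 = t.outbound(135, b"LIST\r\n")                    # must shift by +4
    acked = t.inbound_ack(s3[0] + 6)                     # server acks LIST
    return s1, s2, s3, acked


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The comparisons are done on offset-removed values and wraparound at 2^32 is not handled, which a real implementation would do with modular "before/after" tests; the point here is only that a single rewritten PORT line leaves the middlebox translating seq and ack on every later packet, and that a random ISN offset costs the same state.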
