Question: I have a Pro-VX model, fw 6.1.2.0. Under the Access button, in the Detection Prevention section, there is a check box that is supposed to randomize your IP ID, your ISN. According to the help, this feature is supposed to randomize the TCP sequence, in order to make it harder to use TCP fingerprinting to identify the Sonicwall as a Sonicwall. Why this isn't a standard feature instead of an option is beyond me.

But, in scanning both the internal and external IP interfaces of the Sonicwall, I've come to find that whether or not this feature is selected, there is NO change in the way TCP sequencing is performed. As you can see below, both scans show only an incremental change, not a true random ISN. This seems like a false sense of protection. I was unable to find any information on the feature in the online knowledge base.

The sequencing used in both is the 64K rule, which was considered an insecure method on OSes a couple/few years ago. The time/effort of a hacker in working to predict this sequencing in order to spoof packets would be minimal. Can anybody from Sonicwall explain this?

W/O Randomizing    With Randomizing
FCD19BBD           FE525FBD
FCD295BD           FE5359BD
FCD38FBD           FE5453BD
FCD67DBD           FE5741BD
FCD777BD           FE583BBD
FCD871BD           FE5935BD

Cavell McDermott
Domino Admin
APW Ltd. - Texas Campus
214-343-1400 - Main
214-355-2022 - Direct
214-341-9950 - Fax
http://www.apw.com

The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
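
Added example, not part of the original post: a Python check that takes the two ISN columns posted above, computes the differences between consecutive values (modulo 2**32) and labels each series, which is one way to verify whether an ISN randomization setting changed anything. The function names, the labels and the 2**24 "small step" threshold are assumptions of this example.

```python
from functools import reduce
from math import gcd

# ISN samples copied from the table in the post above (hex, in posted order).
WITHOUT_RANDOMIZING = ["FCD19BBD", "FCD295BD", "FCD38FBD",
                       "FCD67DBD", "FCD777BD", "FCD871BD"]
WITH_RANDOMIZING = ["FE525FBD", "FE5359BD", "FE5453BD",
                    "FE5741BD", "FE583BBD", "FE5935BD"]

SMALL_STEP = 2**24  # assumed cut-off: larger jumps are not "small increments"


def isn_deltas(samples):
    """Differences between consecutive ISNs, modulo 2**32 (sequence numbers wrap)."""
    values = [int(s, 16) for s in samples]
    return [(b - a) % 2**32 for a, b in zip(values, values[1:])]


def classify(samples):
    """Label a series of ISNs by the pattern of its consecutive differences."""
    deltas = isn_deltas(samples)
    if len(deltas) < 3:
        return "too few samples"
    if all(d == 0 for d in deltas):
        return "constant"
    # Every difference a multiple of 64000 is the pattern the post calls the 64K rule.
    if reduce(gcd, deltas) % 64000 == 0:
        return "64K rule"
    if all(d < SMALL_STEP for d in deltas):
        return "incremental"
    return "no simple pattern"


def compare(before, after):
    """Summarise both series so an unchanged generator is easy to spot."""
    return {
        "before": (classify(before), isn_deltas(before)),
        "after": (classify(after), isn_deltas(after)),
        "same_step_pattern": isn_deltas(before) == isn_deltas(after),
    }


if __name__ == "__main__":
    for key, value in compare(WITHOUT_RANDOMIZING, WITH_RANDOMIZING).items():
        print(key, value)
```
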
