ISNs for TCP connections not sufficiently random

Question

ISNs for TCP connections not sufficiently random

silabs-steveegerter opened this issue 4 years ago · 0 comments

silabs-steveegerter commented 4 years ago

Initial sequence numbers (ISNs) are not derived from a sufficiently random source which could lead to an attacker either hijacking an existing connection or spoofing future connections. ISNs should adhere to RFC6528 to be more secure. ISNs are retrieved by NetUtil_InitSeqNbrGet().