Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Cisco FWSM and Random Sequencing
From: Chris Green <cmgreen () UAB EDU>
Date: Mon, 21 Oct 2013 13:11:15 +0000

While yelling about FWSMs, they don't support TCP Selective Acknowledgement skipping which can also cause the transfers 
to stall.

no sysopt connection tcp sack-permitted

Not sure if later code releases fixed this but I don't think so.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ian 
McDonald
Sent: Friday, October 18, 2013 8:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cisco FWSM and Random Sequencing


Has anyone else encountered this issue with a FWSM or any other firewalls?  If so was the solution to disable the 
sequence number randomization?


Yes. Yes.



Thanks
Josh Flaherty
Information Technology Security Officer
Office of Information Technology
Indiana State University




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]