Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Cisco FWSM and Random Sequencing
From: Chris Green <cmgreen () UAB EDU>
Date: Mon, 21 Oct 2013 13:11:15 +0000

While yelling about FWSMs, they don't support TCP Selective Acknowledgement skipping which can also cause the transfers 
to stall.

no sysopt connection tcp sack-permitted

Not sure if later code releases fixed this but I don't think so.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ian 
Sent: Friday, October 18, 2013 8:21 AM
Subject: Re: [SECURITY] Cisco FWSM and Random Sequencing

Has anyone else encountered this issue with a FWSM or any other firewalls?  If so was the solution to disable the 
sequence number randomization?

Yes. Yes.

Josh Flaherty
Information Technology Security Officer
Office of Information Technology
Indiana State University

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]