My client is failing a Security Metrics scan with this error on a Win SBS 2008 server. I didn't even know you could fail this on anything past NT... ha!
Anyone know how to fix this on SBS 2008?
Description: initial TCP sequence number is predictable
Windows Server 2008
Apr 11 22:51:38 2011
Severity: Area of Concern
CVE: CVE-1999-0077
Impact: A remote attacker could hijack an existing session or create a new session using an arbitrary source IP address. If services which use address-based authentication mechanisms are enabled on the server, the attacker could execute arbitrary commands.
Background: The Transmission Control Protocol (TCP) is the protocol used by services such as telnet, ftp, and smtp to establish a connection between a client and a server. Every TCP packet includes a sequence number in the header to ensure that all packets are received at the destination and re-assembled in the correct order. The sequence numbering begins with an initial sequence number which is chosen by the server and sent to the client when the connection is established. Thus, sequence numbers also help to verify the identity of the client, since only the intended client has knowledge of the initial sequence number.
Resolution: The solution described in [ftp://ftp.isi.edu/in-notes/rfc1948.txt] RFC 1948 was developed to sufficiently randomize initial sequence numbers so they cannot be predicted. Check [http://www.cert.org/advisories/CA-2001-09.html] CERT Advisory 2001-09 to see whether your vendor has released a patch which implements this solution. If your operating system is vulnerable and there is no patch available, it would be advisable to upgrade your operating system. Most modern operating systems are not affected by this vulnerability. Windows NT users should apply service pack 6a and install the patch referenced in [http://www.microsoft.com/technet/securi] Microsoft Security Bulletin 99-046.
Vulnerability Details: Service: nmap TCP Sequence Prediction: Difficulty=0 (Trivial joke)
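The "Difficulty=0 (Trivial joke)" line comes from the scanner sampling several initial sequence numbers and measuring how much the steps between them vary. The following is an added example, not code from the original post or from nmap: it implements a simplified version of that predictability index (wrap-aware differences between consecutive ISNs, then 8 times the log2 of their standard deviation) over constructed ISN samples, so you can see what a fixed-step generator looks like next to a randomized one. The difficulty bands and their labels are my assumption about how nmap buckets the index, not a verified copy of its thresholds.

```python
import math
from statistics import pstdev

ISN_MODULUS = 1 << 32  # ISNs are 32-bit, so consecutive values can wrap

# Constructed sample (not real scan data): a host that bumps its ISN by a
# constant 64000 per connection, which is exactly the "Trivial joke" case.
FIXED_STEP_ISNS = [0x1000 + 64000 * i for i in range(5)]

# Constructed sample (not real scan data): ISNs from a randomized generator.
RANDOM_ISNS = [0x9E3779B9, 0x1B873593, 0xDEADBEEF, 0x0F1E2D3C, 0x7A6B5C4D]


def isn_differences(isns):
    """Wrap-aware differences between consecutive ISN samples."""
    diffs = []
    for prev, cur in zip(isns, isns[1:]):
        d = (cur - prev) % ISN_MODULUS
        # A backwards step shows up as a value near 2^32; treat it as a
        # small negative step instead so it does not dominate the spread.
        if d > ISN_MODULUS // 2:
            d -= ISN_MODULUS
        diffs.append(d)
    return diffs


def predictability_index(isns):
    """Higher is harder to predict; 0 means every step was identical."""
    spread = pstdev(isn_differences(isns))
    if spread < 1:
        return 0
    return int(round(8 * math.log2(spread)))


def difficulty_label(index):
    """Assumed buckets mapping the index to a scanner-style difficulty label."""
    if index < 3:
        return "Trivial joke"
    if index < 6:
        return "Easy"
    if index < 11:
        return "Medium"
    if index < 16:
        return "Worthy challenge"
    return "Good luck!"


if __name__ == "__main__":
    for name, sample in (("fixed step", FIXED_STEP_ISNS), ("random", RANDOM_ISNS)):
        idx = predictability_index(sample)
        print(f"{name}: index={idx} ({difficulty_label(idx)})")
```

A real check gathers the samples by completing several TCP handshakes against the server and reading the ISN from each SYN/ACK; the scan report above is that measurement, and anything scoring 0 means the server is still using a non-randomized generator.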