Unpredictable TCP Sequence Numbers in SP4

This article was previously published under Q192292
This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
The TCP protocol assigns an initial sequence number to each connection.Prior to Service Pack 4, it is possible, through careful analysis, todetermine the initial TCP sequence number for a specific Windows NTcommunications session. By predicting a TCP session's sequence number, itcould be possible to disrupt the integrity of a communication session thatdoes not provide its own session integrity. This is often referred to as"connection hijacking."

In Service Pack 4, the method of assigning sequence numbers to TCP sessionhas changed to make them more unpredictable.
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NTversion 4.0. For more information, please see the following article in theMicrosoft Knowledge Base.

152734 How to Obtain the Latest Windows NT 4.0 Service Pack
STATUS
Microsoft has confirmed this to be a problem in Windows NT version 4.0.This problem was first corrected in Windows NT 4.0 Service Pack 4.
security hijacking hijack tcp port connect connections ISN SYN
Properties

Article ID: 192292 - Last Review: 02/21/2014 00:30:17 - Revision: 3.2

Microsoft Windows NT Server 4.0, Terminal Server Edition, Microsoft Windows NT Server 4.0 Standard Edition, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows NT Server 4.0 Enterprise Edition, Microsoft BackOffice Small Business Server 4.0, Microsoft BackOffice Small Business Server 4.0a

  • kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kbfea kbfix KB192292
Feedback