[c-nsp] configuring RFC1948 on the ASA 5505
Peter Rathlev
peter at rathlev.dk
Mon Jun 9 04:57:23 EDT 2008
On Sat, 2008-06-07 at 22:58 -0400, Luan M Nguyen wrote:
> I wonder if you do this:
> class-map tcp_traffic
> match any
> policy-map global_policy
> class tcp_traffic
> set connection random-sequence-number disable
>
> Would you get TCP Sequence Prediction: Difficulty=0 (Trivial joke)?
Well, I tried that now, but it doesn't change the result. The above is
about randomizing TCP sequence numbers for connections passing _through_
the ASA. It doesn't change anything for connections with the ASA as one
endpoint.
Regards,
Peter
More information about the cisco-nsp
mailing list