Unpredictable TCP Sequence Numbers in SP4

ID: Q192292


The information in this article applies to:
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows NT Workstation version 4.0
  • Microsoft Windows NT Server, Enterprise Edition version 4.0
  • Microsoft Windows NT Server version 4.0, Terminal Server Edition
  • Microsoft BackOffice Small Business Server versions 4.0, 4.0a


SYMPTOMS

TCP assigns an initial sequence number (ISN) to each connection. Prior to Service Pack 4, it is possible, through careful analysis, to determine the initial TCP sequence number for a specific Windows NT communications session. By predicting a TCP session's sequence number, it could be possible to disrupt the integrity of a communication session that does not provide its own session integrity. This is often referred to as "connection hijacking."

In Service Pack 4, the method of assigning sequence numbers to TCP sessions has changed to make them less predictable.
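
The difference between a predictable and an unpredictable initial sequence number (ISN) scheme can be measured on a stack you operate. The following is an added example, not Microsoft's code: the article does not describe the Service Pack 4 algorithm, so the sketch contrasts a generic fixed-step counter with the construction from RFC 6528. The class names, the step size, the HMAC-SHA256 PRF and the sample addresses are assumptions made for this example.

```python
import hashlib
import hmac
import os
from collections import Counter

MOD = 2 ** 32

class CounterISN:
    """Generic predictable scheme (assumption, not NT's actual algorithm):
    one global counter bumped by a fixed step for every new connection."""
    def __init__(self, start=0x1000, step=64000):
        self.value, self.step = start, step

    def next_isn(self, four_tuple, clock_us):
        self.value = (self.value + self.step) % MOD
        return self.value

class Rfc6528ISN:
    """ISN = M + F(four-tuple, secret) as in RFC 6528; M ticks every 4 us.
    HMAC-SHA256 is this example's choice for the keyed function F."""
    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)

    def next_isn(self, four_tuple, clock_us):
        mac = hmac.new(self.secret, repr(four_tuple).encode(), hashlib.sha256)
        offset = int.from_bytes(mac.digest()[:4], "big")
        return (clock_us // 4 + offset) % MOD

def dominant_delta_ratio(isns):
    """Share of consecutive ISN differences (mod 2^32) that equal the most
    common difference. A value near 1.0 means the next ISN is guessable."""
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    return Counter(deltas).most_common(1)[0][1] / len(deltas)

def sample(generator, count=200):
    """Constructed input: `count` connections from successive client ports,
    one every 10 ms, to a fixed server (documentation-range addresses)."""
    return [
        generator.next_isn(("192.0.2.10", 80, "198.51.100.7", 1024 + i), i * 10_000)
        for i in range(count)
    ]

if __name__ == "__main__":
    print("counter :", dominant_delta_ratio(sample(CounterISN())))
    print("rfc6528 :", dominant_delta_ratio(sample(Rfc6528ISN())))
```

The same ratio can be computed over ISNs captured from SYN-ACK replies of a host you administer to confirm that a patched stack no longer hands out evenly spaced values.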


RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT version 4.0. For more information, please see the following article in the Microsoft Knowledge Base:

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack


STATUS

Microsoft has confirmed this to be a problem in Windows NT version 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 4.

Additional query words: security hijacking hijack tcp port connect connections ISN SYN

Keywords : NT4SP4Fea
Version : winnt:4.0,4.0a
Platform : winnt
Issue type : kbbug


Last Reviewed: April 3, 1999
© 2000 Microsoft Corporation. All rights reserved.