Microsoft KB Archive/192292

= Unpredictable TCP Sequence Numbers in SP4 =

Article ID: 192292

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft BackOffice Small Business Server 4.0
 * Microsoft BackOffice Small Business Server 4.0a

-



This article was previously published under Q192292



SYMPTOMS
The TCP protocol assigns an initial sequence number to each connection. Prior to Service Pack 4, it is possible, through careful analysis, to determine the initial TCP sequence number for a specific Windows NT communications session. By predicting a TCP session's sequence number, it could be possible to disrupt the integrity of a communication session that does not provide its own session integrity. This is often referred to as "connection hijacking."

In Service Pack 4, the method of assigning sequence numbers to TCP session has changed to make them more unpredictable.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NT version 4.0. For more information, please see the following article in the Microsoft Knowledge Base.

152734 How to Obtain the Latest Windows NT 4.0 Service Pack



STATUS
Microsoft has confirmed this to be a problem in Windows NT version 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 4.

Additional query words: security hijacking hijack tcp port connect connections ISN SYN

Keywords: kbhotfixserver kbqfe kbbug kbfea kbfix KB192292

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.