My professor told me that sequential IP sequence numbers are typical behavior of most IP stacks (and showed us examples of packet sniffers), but I thought IP sequence numbers are supposed to be randomly generated to avoid attacks?

Which one is it? I am taking a digital forensics class and I need to know how to differentiate "normal" TCP/IP stack traffic from "abnormal" traffic.

user2158382

1 Answer

Linux and Solaris are the two major offenders of predictable IP IDs. I unfortunately have to run to a meeting right now so I can't explain, but I'll try and remember to edit this with a better explanation when I get back. Most other OSes were patched over a decade ago to have pseudo-random starting IP IDs.

Eric
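
For the forensics side of the question, here is an added example (not written by the asker or the answerer) that reads the IPv4 Identification field, the "IP ID" the answer refers to, from raw headers and labels each source's sequence as incrementing, constant or non-sequential. The sample headers, the addresses and the max_step threshold are constructed assumptions for illustration, not values from a real capture.

```python
import struct
from collections import defaultdict

def ipv4_header(src, ident, dst="192.0.2.1"):
    """Build a minimal 20-byte IPv4 header (constructed sample data, checksum left 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, 0x4000,
                       64, 6, 0, addr(src), addr(dst))

def parse_ip_id(pkt):
    """Return (source address, Identification field) from a raw IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ident = struct.unpack_from("!H", pkt, 4)[0]   # bytes 4-5: Identification
    src = ".".join(str(b) for b in pkt[12:16])    # bytes 12-15: source address
    return src, ident

def classify(ids, max_step=64):
    """Label a sequence of IP IDs seen from one source.

    max_step is an assumed tolerance: a host using one global counter shows
    small gaps when the capture only contains part of its traffic.
    """
    if len(ids) < 3:
        return "insufficient data"
    # Differences modulo 2**16 so a counter wrapping 65535 -> 0 still counts.
    deltas = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in deltas):
        return "constant"
    if all(0 < d <= max_step for d in deltas):
        return "incrementing"
    return "non-sequential"

def classify_capture(packets):
    """Group packets by source address and classify each source's IP ID pattern."""
    per_src = defaultdict(list)
    for pkt in packets:
        src, ident = parse_ip_id(pkt)
        per_src[src].append(ident)
    return {src: classify(ids) for src, ids in per_src.items()}

# Constructed sample: three hosts with different Identification behaviour.
SAMPLE = ([ipv4_header("198.51.100.10", i) for i in (65533, 65534, 65535, 0, 1)]
          + [ipv4_header("198.51.100.20", i) for i in (0x3A1F, 0x9C02, 0x0457, 0xE1B0)]
          + [ipv4_header("198.51.100.30", 0) for _ in range(4)])

if __name__ == "__main__":
    for src, label in classify_capture(SAMPLE).items():
        print(src, label)
```

A label only describes what was observed in the capture; a short or filtered trace can make a counter look non-sequential, so compare several flows from the same host before drawing conclusions.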