no random-sequence-number

Question

Hi,&nbsp;
Can we configure on F5 anything like "no random-sequence-number"? This is used in ACE load balancers.&nbsp;
The purpose for random-sequence-number is explained below.&nbsp;
Randomizing TCP sequence numbers adds a measure of security to TCP connections by making it more difficult for a hacker to guess or predict the next sequence number in a TCP connection. This feature is enabled by default. To enable TCP sequence number randomization after it has been disabled, use the random-sequence-number command in parameter map connection configuration mode.&nbsp;
Is there any option on F5 to implement such thing?&nbsp;

lpl · Answer

Hi,&nbsp;
This is disabled by default on BIG-IP when using a Virtual Server with a fastL4 profile. 
You can enable it by creating a custom fastL4 profile and select: "Generate Initial Sequence Number".
This feature refers to RFC1948&nbsp;
Kind regards&nbsp;

Forum Discussion

no random-sequence-number

1 Reply

Recent Discussions

About custome Response Blocking Page

Office Online Server with SharePoint 2016

health monitor source IP address

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

Related Content

TCP Internals: 3-way Handshake and Sequence Numbers Explained

TCP 3-WAY Handshake vs TCP Half-Open

ratio load balancing using rand function

Implementing The Exponential Backoff Algorithm To Thwart Dictionary Attacks

Advanced iRules: Binary Scan