As an update to my post about NT Predictable Initial TCP Sequence numbers in NT 4 SP4 on 24 August, I've finally got around to running the TCP sequence number tests on NT 4.0 SP5. Here are my findings: SP5 has the same "one-per-millisecond" increment pattern as SP3 and previous releases. So it appears that the change introduced in SP4 to make the initial TCP sequence less predictable (but which didn't help and may have even made the sequence _more_ predictable - see my previous post for details) was taken out of SP5. I've also recently seen a totally different NT initial TCP sequence number pattern which consists of small positive increments (just like SP4) multiplied by 64,000. I think that this could be a post-SP4 hotfix, but I haven't confirmed this yet. I'll post an update when I have more information about this. Roy Hills NTA Monitor Ltd -- Roy Hills Tel: +44 1634 721855 NTA Monitor Ltd FAX: +44 1634 721844 6 Beaufort Court, Medway City Estate, Email: Roy.Hills@nta-monitor.com Rochester, Kent ME2 4FB, UK WWW: http://www.nta-monitor.com/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:45 PDT