TCP sequence prediction

Risk Level: Medium

Check or Attack Name: tcppred

Platforms: Any

Description:

The TCP sequence was found to be predictable. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from trusted machines. These forged packets can compromise services, such as rsh and rlogin, because their authentication is based on IP addresses. The percentage guessed is the likelihood that an attacker could predict the sequence and compromise the system.
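
An added example, not part of the original advisory and not the scanner's own code: one way to turn a list of initial sequence numbers (ISNs) sampled from a host you administer into a "percentage guessed" figure. The scoring rule (guess the next ISN from the previous increment), the function names, the tolerance parameter and all sample values are assumptions constructed for illustration.

```python
"""Estimate how predictable a series of sampled TCP ISNs is (illustrative)."""

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Increments between consecutive ISNs, taken modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def percent_guessed(isns, tolerance=0):
    """Percentage of ISNs hit by the guess 'previous ISN + previous increment'.

    tolerance is the largest distance in sequence space between guess and
    actual ISN that still counts as a hit (assumed scoring rule).
    """
    if len(isns) < 3:
        raise ValueError("need at least 3 ISN samples")
    hits = trials = 0
    for prev2, prev1, actual in zip(isns, isns[1:], isns[2:]):
        guess = (prev1 + (prev1 - prev2)) % MOD
        error = (actual - guess) % MOD
        error = min(error, MOD - error)  # circular distance across wraparound
        if error <= tolerance:
            hits += 1
        trials += 1
    return 100.0 * hits / trials


# Constructed samples, not captured from any real host.
# 1) Fixed increment of 64000 per connection, crossing the 32-bit wraparound.
FIXED_INCREMENT = [(4294900000 + 64000 * i) % MOD for i in range(8)]
# 2) Roughly 64000 per connection with small jitter, as a partial fix might give.
JITTERED = [1000, 65000, 129010, 193005, 257010, 321010]
# 3) Values with no linear relationship, as a randomized generator would give.
RANDOMIZED = [0x3A91F2C4, 0xB07D5511, 0x1C44E9A0, 0xE2F01B37,
              0x7765C3D8, 0x09AB44F1, 0xC8D2706E, 0x5F13A88B]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED_INCREMENT), ("jittered", JITTERED),
                         ("randomized", RANDOMIZED)]:
        print(f"{name:11s} exact={percent_guessed(sample):5.1f}%  "
              f"within 10={percent_guessed(sample, tolerance=10):5.1f}%")
```

The jittered sample scores 0% for exact guesses but 75% once a small tolerance is allowed, which is why a host that has only been made harder to predict can still be reported.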

Remedy:

Ask your vendor for patches to correct TCP sequence prediction. Note that some patches make sequence prediction more difficult, but still possible. As a result, the host may continue to report this vulnerability.

For Windows NT, apply Service Pack 3 or later, which improves (but does not fully correct) Windows NT's sequence predictability. As a result, Windows NT machines may continue to report this vulnerability.

Windows: Apply the latest Windows NT 4.0 Service Pack.

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.

Hewlett-Packard: HP-UX 9.0 users can obtain and apply patch ID PHNE_14212 at http://us-support.external.hp.com/wpsl/bin/doc.pl/ . Note: A no-cost password is required to access the Patch Database.

References:

CERT Advisory CA-95.01, IP Spoofing Attacks and Hijacked Terminal Connections, http://www.cert.org/advisories/CA-95.01.IP.spoofing.attacks.and.hijacked.terminal.connections.html

Microsoft Knowledge Base Article Q192292, Unpredictable TCP Sequence Numbers in SP4, http://support.microsoft.com/support/kb/articles/q192/2/92.asp

