Initial sequence numbers definition
The initial sequence numbers are a unique identifier assigned to the first byte in a new Transmission Control Protocol (TCP) session. It is established during the initiation of a TCP connection via the three-way handshake.
This number is used to track the sequence of the bytes sent over the connection so that they can be reassembled in the correct order at the receiver's end, ensuring data integrity and a reliable connection. The selection of the ISN is often randomized to enhance security and prevent potential TCP sequence prediction attacks.
See also: man-in-the-middle attack, TCP wrapper, TCP handshake, TCP reset attack
Dangers associated with ISN
Improper implementation or vulnerabilities in the ISN generation process lead to several dangers.
- TCP sequence prediction attack.
- If the attackers predict the next ISN in a TCP communication sequence, they can intercept and take control of the session.
- Alternatively, once the attackers predict the ISN, they can inject malicious data into an active TCP session and impersonate one of the communicating parties.
- Denial-of-service (DoS) attack.
- Predictable ISNs can be exploited in SYN flood attacks — a DoS attack that exhausts resources on the target server by initiating numerous TCP connections via spoofed IP addresses.
- Man-in-the-middle (MitM) attacks.
- By exploiting predictable ISNs, attackers can position themselves between the communicating parties to intercept and alter the data in transit.
- Connection reset attack.
- An attacker with knowledge of the active ISN can send a packet with the RST flag set, forcing the connection to reset and causing disruption in communication.