TCP reset using approximate sequence number

This Security Metrics finding corresponds to the following CVE: CVE-2004-0230.

ClearCenter response

Short response

This attack vector is not a particular threat because our implementation does not use services that are particularly vulnerable. No actionable work to be done.

Long response

The attack described in this CVE is difficult to implement because the attacker would need the following information:

  • The source IP (easy enough)
  • The destination IP
  • The port number
  • The sequence number

This attack pretty much requires a man-in-the-middle position. When this threat came out, paranoia reigned supreme. CNN, for example, ran a story that this 'flaw' could shut down the Internet… and yet the Internet remains. By and large, upstream routers and ClearOS' Intrusion Prevention Systems watch for and protect the information required to implement this attack.
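The sequence-number requirement in the list above is checked by the receiving TCP stack. As an added example (not ClearOS or ClearCenter code), the Python below contrasts the original in-window RST check with the exact-match check from RFC 5961 section 3.2, including 32-bit wraparound; the connection state and the RST sequence numbers are constructed for illustration.

```python
# Added example: receiver-side RST validation, legacy check vs RFC 5961.
SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % SEQ_MOD < rcv_wnd


def legacy_rst(seq, rcv_nxt, rcv_wnd):
    """Original behaviour: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rfc5961_rst(seq, rcv_nxt, rcv_wnd):
    """RFC 5961 section 3.2: only an exact match resets the connection."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if seq == rcv_nxt:
        return "reset"
    return "challenge_ack"  # real peer must confirm; connection stays up


def audit(segments, rcv_nxt, rcv_wnd):
    """Return RST sequence numbers that only the legacy check would honour."""
    return [s for s in segments
            if legacy_rst(s, rcv_nxt, rcv_wnd) == "reset"
            and rfc5961_rst(s, rcv_nxt, rcv_wnd) != "reset"]


# Constructed connection state and inbound RST sequence numbers (not real traffic).
RCV_NXT = 4294960000          # close to the 32-bit wrap point
RCV_WND = 16384
SAMPLE_RSTS = [4294960000,    # exact match
               4294965000,    # in window, not exact
               2704,          # in window after wraparound
               100000,        # outside the window
               4294959999]    # one below RCV.NXT, outside the window

if __name__ == "__main__":
    for seq in SAMPLE_RSTS:
        print(seq, legacy_rst(seq, RCV_NXT, RCV_WND),
              rfc5961_rst(seq, RCV_NXT, RCV_WND))
    print("honoured only by legacy check:",
          audit(SAMPLE_RSTS, RCV_NXT, RCV_WND))
```
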

You can read more about this in this very well-formed statement on the matter:


If your site is using BGP, we suggest that you use MD5 or other encryption between your peers for the BGP messaging. Likely you are not using BGP, and if you are, your provider likely already requires encryption in your configuration.

To ensure particular vectors or iterations of this vulnerability are not viable against ClearOS, ensure that you are using and subscribed to ClearCenter Intrusion Prevention updates.

Additionally, ensure that any long-lasting, persistent connections are properly firewalled in the ClearOS Custom Firewall Rules set where applicable.

content/en_us/kb_3rdparty_security_metrics_tcp_reset_using_approximate_sequence_number.txt · Last modified: 2015/01/29 09:52 (external edit)