Ubizen, a leading Managed Service Solutions Provider, notified Symantec of a problem it discovered in the way the security module on the Symantec Enterprise Firewall randomizes the TCP Initial Sequence Number (ISN) for each new connection. As an optimization feature, the security module reuses the same TCP ISN for a short time after the initial connection is closed. During this brief period, an attacker who could capture the initial TCP handshake of an earlier session from a valid IP could potentially "spoof" a valid one-way conversation from a legitimate IP address.
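A defender can check for the reuse described above by comparing the ISNs of handshake segments the firewall emits. The following is an added example, not code from Symantec or Ubizen; the record layout, the 60-second window (the advisory only says "a short time"), the choice to group by host pair and destination port, and the sample addresses are all assumptions.

```python
from collections import namedtuple

# One handshake segment (SYN or SYN-ACK) captured on the firewall's egress side.
# Hypothetical record layout; populate it from whatever capture tooling you use.
Handshake = namedtuple("Handshake", "ts src sport dst dport isn")

REUSE_WINDOW = 60.0  # seconds; assumed value, not taken from the advisory


def find_isn_reuse(records, window=REUSE_WINDOW):
    """Return (earlier, later) pairs in which a new connection between the same
    hosts and service carries an ISN already seen within `window` seconds."""
    last_seen = {}  # (src, dst, dport, isn) -> most recent record with that ISN
    findings = []
    for rec in sorted(records, key=lambda r: r.ts):
        key = (rec.src, rec.dst, rec.dport, rec.isn)
        prev = last_seen.get(key)
        # Same source port is treated as a retransmitted SYN, not a new
        # connection, so same-port reuse is deliberately not reported here.
        if prev is not None and prev.sport != rec.sport and rec.ts - prev.ts <= window:
            findings.append((prev, rec))
        last_seen[key] = rec
    return findings


# Constructed sample data (documentation address ranges, made-up ISNs).
SAMPLE = [
    Handshake(0.0, "192.0.2.10", 40001, "198.51.100.5", 443, 0x1A2B3C4D),
    Handshake(1.0, "192.0.2.10", 40001, "198.51.100.5", 443, 0x1A2B3C4D),   # retransmit
    Handshake(12.0, "192.0.2.10", 40002, "198.51.100.5", 443, 0x1A2B3C4D),  # reused ISN
    Handshake(13.0, "192.0.2.10", 40004, "198.51.100.5", 443, 0x7788AA01),  # fresh ISN
    Handshake(300.0, "192.0.2.10", 40003, "198.51.100.5", 443, 0x1A2B3C4D), # outside window
]

if __name__ == "__main__":
    for earlier, later in find_isn_reuse(SAMPLE):
        print(f"ISN {later.isn:#010x} reused after {later.ts - earlier.ts:.1f}s: "
              f"{earlier.src}:{earlier.sport} then {later.src}:{later.sport} "
              f"-> {later.dst}:{later.dport}")
```

With properly randomized ISNs a hit is a 1-in-2^32 coincidence per pair of connections, so any finding on real traffic warrants checking the firewall's patch level.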