Could be reaching here but...
Does anyone have a fix for a "Statistical Weaknesses in TCP/IP Initial Sequence Numbers" running on RedHat/CentOS 7?
Below is a snippet of a testing service result used by a credit card company telling me my firewall has this weakness. When searching through the articles at the RedHat and Ubuntu forums, they seem to pooh-pooh the weakness, as at worst an attacker could only see one side of the packet transmission by guessing the sequence of the next packet and inject data into the session stream, causing a reset of the network, which would be handled by TCP dropping the packets without acknowledgement and reestablishing the connection after a network reset. It appears that larger window sizes in this stream can be more vulnerable.
A better description of the presumed weakness can be found here:
https://resources.sei.cmu.edu/asset_...001_496192.pdf
where you would search for CA-2001-09.
I can't get "certified" without some change to the TCP/IP stack it appears???
SNIPPET
Constant changes in initial sequence numbers observed in 21 out of 23 events.
[ Sent Packets Results ]
Packet 1 : TIME[1565914687.623586] SEQ[2969907418] CHANGE[N/A] VARIATION[N/A]
Packet 2 : TIME[1565914687.628568] SEQ[2988781196] CHANGE[18873778] VARIATION[N/A]
Packet 3 : TIME[1565914687.633579] SEQ[3007654974] CHANGE[18873778] VARIATION[0]
Packet 4 : TIME[1565914687.638578] SEQ[3026528752] CHANGE[18873778] VARIATION[0]
Packet 5 : TIME[1565914687.643564] SEQ[3045402530] CHANGE[18873778] VARIATION[0]
Packet 6 : TIME[1565914687.648570] SEQ[3064276308] CHANGE[18873778] VARIATION[0]
Packet 7 : TIME[1565914687.653565] SEQ[3083150086] CHANGE[18873778] VARIATION[0]
Packet 8 : TIME[1565914687.663571] SEQ[3120897642] CHANGE[37747556] VARIATION[18873778]
Packet 9 : TIME[1565914687.658571] SEQ[3102023864] CHANGE[18873778] VARIATION[18873778]
Packet 10 : TIME[1565914687.668566] SEQ[3139771420] CHANGE[37747556] VARIATION[18873778]
Packet 11 : TIME[1565914687.673565] SEQ[3158645198] CHANGE[18873778] VARIATION[0]
Packet 12 : TIME[1565914687.678571] SEQ[3177518976] CHANGE[18873778] VARIATION[0]
Packet 13 : TIME[1565914687.683572] SEQ[3196392754] CHANGE[18873778] VARIATION[0]
Packet 14 : TIME[1565914687.688572] SEQ[3215266532] CHANGE[18873778] VARIATION[0]
Packet 15 : TIME[1565914687.693567] SEQ[3234140310] CHANGE[18873778] VARIATION[0]
Packet 16 : TIME[1565914687.698572] SEQ[3253014088] CHANGE[18873778] VARIATION[0]
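
Added example, not part of the original post or of the testing service's tooling: a way to recompute the CHANGE column from report lines like the ones above, in listed order and in TIME order, so the finding can be checked and re-checked after a configuration change. The function names are hypothetical, and the sample is packets 6 to 11 from the snippet with each SEQ value rejoined.

```python
import re
from collections import Counter
from decimal import Decimal

# Packets 6-11 copied from the scan report in the post (SEQ values rejoined).
REPORT = """\
Packet 6 : TIME[1565914687.648570] SEQ[3064276308] CHANGE[18873778] VARIATION[0]
Packet 7 : TIME[1565914687.653565] SEQ[3083150086] CHANGE[18873778] VARIATION[0]
Packet 8 : TIME[1565914687.663571] SEQ[3120897642] CHANGE[37747556] VARIATION[18873778]
Packet 9 : TIME[1565914687.658571] SEQ[3102023864] CHANGE[18873778] VARIATION[18873778]
Packet 10 : TIME[1565914687.668566] SEQ[3139771420] CHANGE[37747556] VARIATION[18873778]
Packet 11 : TIME[1565914687.673565] SEQ[3158645198] CHANGE[18873778] VARIATION[18873778]
"""

LINE = re.compile(r"Packet\s+(\d+)\s*:\s*TIME\[([\d.]+)\]\s*SEQ\[([\d\s]+)\]")

def parse(report):
    """Return (time, isn) pairs; whitespace inside SEQ[...] is tolerated
    because reports pasted into forums are often line-wrapped there."""
    return [(Decimal(t), int("".join(s.split())))
            for _, t, s in LINE.findall(report)]

def isn_deltas(samples, by_time=True):
    """Forward ISN increments modulo 2**32 (sequence numbers wrap)."""
    if by_time:
        samples = sorted(samples)  # order by capture time, not list position
    seqs = [s for _, s in samples]
    return [(b - a) % 2**32 for a, b in zip(seqs, seqs[1:])]

def constant_ratio(deltas):
    """Most common increment and the fraction of deltas equal to it."""
    value, count = Counter(deltas).most_common(1)[0]
    return value, count / len(deltas)

if __name__ == "__main__":
    samples = parse(REPORT)
    print("as listed :", isn_deltas(samples, by_time=False))
    print("time order:", isn_deltas(samples))
    print("dominant increment, share:", constant_ratio(isn_deltas(samples)))
```

On this sample the TIME values show packets 8 and 9 listed out of order; once sorted by time, every increment is 18873778.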