DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Vigor 2860 vulnerability detected
25 Jan 2016 11:16 #85169
by psionuk
Vigor 2860 vulnerability detected was created by psionuk
Hi,
I have a client who has regular security scans done by their bank/credit card processor. Since upgrading their router to a newer model (Vigor2860n 3.8.2_VT2) they are getting a vulnerability error.
"Predictable TCP Initial Sequence Numbers Vulnerability -
THREAT:
This server uses TCP/IP implementation that respects the "64K rule", or a "time dependent rule" for generating TCP sequence numbers. Unauthorized users can predict sequence numbers when two hosts are communicating, and connect to your server from any source IP address. The only difference with a legitimate connection is that the attacker will not see the replies sent back to the authorized user whose IP was forged."
Any ideas on this issue?
06 Feb 2016 15:28 #85292
by haywardi
Replied by haywardi on topic Re: Vigor 2860 vulnerability detected
Yes, just had the same thing on a 2850.
It looks to me to be a bug in the latest firmware. I downgraded my firmware to 3.6.6.1 and no more Predictable TCP initial sequence numbers and I now have compliance!
Iain
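The two patterns named in the scan report can be looked for in a packet capture taken before and after a firmware change. The following is an added example, not part of the thread and not DrayTek or scanner code: it labels a run of ISNs read from the router's SYN-ACKs. The function name, the 5% threshold and the sample values are assumptions, and "64K rule" is taken here to mean increments that are all multiples of 64,000.

```python
import statistics

MOD = 2**32       # TCP sequence numbers wrap at 32 bits
CV_LIMIT = 0.05   # assumed threshold: rate spread under 5% counts as clock-driven

def classify_isns(samples):
    """Label (capture_time_s, isn) pairs taken from SYN-ACKs, in capture order."""
    if len(samples) < 4:
        raise ValueError("need at least 4 samples")
    pairs = list(zip(samples, samples[1:]))
    # Modular subtraction, so a wrap past 2**32 does not distort the increment.
    deltas = [(b[1] - a[1]) % MOD for a, b in pairs]
    gaps = [b[0] - a[0] for a, b in pairs]
    if all(d == 0 for d in deltas):
        return "constant"
    if all(d % 64000 == 0 for d in deltas):
        return "64K rule"
    if all(g > 0 for g in gaps):
        # A clock-driven generator advances at a near-constant rate per second.
        rates = [d / g for d, g in zip(deltas, gaps)]
        if statistics.pstdev(rates) / statistics.mean(rates) < CV_LIMIT:
            return "time dependent"
    return "no simple pattern"

# Constructed sample data, not captured from any DrayTek device.
SAMPLE_64K = [(0.0, 4294900000), (0.2, 4294964000), (1.3, 188704),
              (1.5, 252704), (2.6, 380704)]            # wraps past 2**32
SAMPLE_CLOCK = [(0.0, 1000), (0.5, 126120), (1.1, 275900),
                (1.6, 401050), (2.4, 601200)]          # about 250,000 per second
SAMPLE_RANDOM = [(0.0, 0x3A91F20C), (0.5, 0xC4170B55), (1.0, 0x09E2D7A1),
                 (1.5, 0x7F3340E8), (2.0, 0xB8056C13)]

if __name__ == "__main__":
    for name, run in (("64K", SAMPLE_64K), ("clock", SAMPLE_CLOCK),
                      ("random", SAMPLE_RANDOM)):
        print(name, "->", classify_isns(run))
```

A result of "no simple pattern" only rules out these two patterns; it does not prove the generator follows RFC 6528-style randomization.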
Moderators: Chris
Copyright © 2025 DrayTek