Completely agree lol.

But that said a random number I would expect to go up and down, well randomly. But it doesn't, it increments each time... And as the description says it may be linked to the time and that increments it looks to me like a there a link..

Another interesting thought.

Back in December I received my first compliance scan results. I've just re-checked the report, it did highlight a number of weaknesses mostly related to SSL and crucially IT DID NOT HIGHLIGHT THIS FAULT.

Now I'm wondering if the upgrade to 3.6.8.2 introduced this fault (a regression bug?). I did the upgrade thinking a needed to be on the latest OS level to achieve compliance..

Can't take the router off line until the weekend to confirm my suspicion, but it's very odd it didn't appear on the December report.
Iain

A further update.

Reset the router back to 3.6.6.1.

Hay presto! No predictable TCP initial sequence numbers and more importantly I now have PCI/DSS compliance on my network.

Think you have a regression bug, but sorry for being a bit grumpy!

Iain

Sorry to resurrect this post, but thought I would like to add that I purchased a 2925 running 3.8.1 .

Unfortunately this problem is present on the 2925!!!!

I will report it to Draytek support officially, but Draytek what are you doing!

Guess the 2925 will be going back now!
Iain

Oops sorry, I mis-typed I'm running 3.8.2!

haywardi wrote: Guess the 2925 will be going back now!

Seems like a bit of an over-reaction. If it's a genuine problem, they'd likely fix it...