This procedure ensures that the TCP initial sequence number generation parameter complies with Defending against Sequence Number Attacks (https://www.rfc-editor.org/info/rfc6528).
Before You Begin
You must become an administrator who is assigned the solaris.admin.edit/etc.default/inetinit authorization. By default, the root role has this authorization. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# grep TCP_STRONG /etc/default/inetinit # TCP_STRONG_ISS sets the TCP initial sequence number generation parameters. # Set TCP_STRONG_ISS to be: TCP_STRONG_ISS=2
# pfedit /etc/default/inetinit TCP_STRONG_ISS=2
# /usr/sbin/reboot