TCP Sequence Number Randomization is a security mechanism that helps protect against TCP-based attacks such as session hijacking by randomizing the initial sequence number (ISN) in the TCP header. In AWS, you can implement this through several approaches, but the AWS native firewall services like AWS Network Firewall or Security Groups don't offer direct control over TCP sequence numbers.
Use a Custom Proxy Solution
You can implement a custom TCP proxy using EC2 instances, which intercepts TCP connections and randomizes the sequence numbers before forwarding the traffic to its destination. For example, custom firewall software like iptables with certain modules, or using tools like HAProxy, can randomize the sequence numbers.
- iptables: You can configure iptables rules on an EC2 instance acting as a firewall to modify TCP packets, but it might require deep customization and potential kernel-level modifications.
- HAProxy: If you use HAProxy as a reverse proxy, it can manage TCP sessions and abstract some connection details, which might help mitigate TCP-based attacks.
Also, please check whether Suricata supports this, because AWS Network Firewall does support Suricata rules. You can import Suricata-based rules into your Network Firewall.
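As an added illustration of the HAProxy option above (this is not configuration from the answer, the asker, or the HAProxy project), here is a minimal TCP-mode proxy configuration for an EC2 instance placed in front of the application servers. One caveat worth stating plainly: HAProxy does not rewrite sequence numbers inside packets. In `mode tcp` it terminates the client's TCP session and opens a separate session to the backend, so the only ISNs the backend ever sees are the ones chosen by the proxy host's kernel, and Linux randomizes ISNs per RFC 6528 by default. The listener port, backend names and addresses are constructed placeholders.

```haproxy
# Added example: HAProxy in TCP mode on an EC2 instance acting as the entry point.
# HAProxy terminates the client connection and opens its own connection to the
# backend; the backend-facing ISN is therefore chosen by this host's kernel.
# Names and addresses below are constructed placeholders.
global
    log /dev/log local0
    maxconn 20000

defaults
    mode tcp
    log global
    option tcplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Public-facing listener (placeholder port)
frontend app_in
    bind 0.0.0.0:443
    default_backend app_servers

# Application servers in a private subnet (placeholder addresses)
backend app_servers
    balance roundrobin
    server app1 10.0.1.10:443 check
    server app2 10.0.1.11:443 check
```

Validate the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading. The proxy only helps if it is the sole path to the backend: the backend instances' Security Group should accept application traffic only from the proxy's Security Group, so clients cannot reach the backend directly.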
Hi,
Thanks for the suggestion, I will use HAProxy. Is there any special setting required for HAProxy, or can the normal HAProxy settings mitigate the issue?
Thanks
