OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Te Smith (tsmith_at_zonelabs.com)
Date: Wed Oct 16 2002 - 20:45:03 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ('binary' encoding is not supported, stored as-is) In-Reply-To: <20021016144639.56762.qmailmail.com>

    We have been unable to reproduce NSSI&#8217;s findings using the information
    they supplied. We communicated our inability to verify the test results
    to NSSI and continue to test possible scenarios.

    Bottom line:
    1) The alleged behavior does not represent a security vulnerability.
    NSSI only alleges that under very limited circumstances involving a very
    heavy SYN flood with spoofed packets, a PC protected by ZoneAlarm Pro
    might slow down.
    2) None of the alleged behavior would put user data at risk.
    3) None of the alleged behavior would cause the protected PC to crash.
    4) This attack scenario is unrealistic because according to NSSI, it
    requires that the attack comes from within a LAN behind a &#8220;10/100mbps
    switch&#8221;. According to NSSI&#8217;s report, once the attack stops, the PC
    functions normally once again. Under almost all circumstances, a common
    Internet connection (dial-up, cable or DSL connection) does not have
    enough bandwidth to trigger this inconvenience. We did find some slow-down
    on very fast networks and will address these issues in our next product
    release.
    5) Our tests show that ZoneAlarm and ZoneAlarm Pro actually reduce
    the vulnerability to most DoS attacks significantly because our products
    prevent Windows from responding to this illegitimate traffic.
    6) Neither ZoneAlarm nor ZoneAlarm Pro are designed to protect server
    platforms. The following supported platform list applies to both
    ZoneAlarm and ZoneAlarm Pro:
    http://www.zonelabs.com/store/content/support/znalmGeneralFAQ.jsp#9general
     
    We appreciate NSSI&#8217;s efforts to track this issue and are looking forward
    to working with them as we have in the past.

    Rgds, Te

    Te Smith
    Director, Corporate Communications
    tsmithzonelabs.com
    415-341-8233 (v)
    415-341-8299 (f)