From: Ed3f (ed3f_at_overminder.com)
Date: Wed Jan 01 2003 - 07:27:08 CST

    ************************ SECURITY ALERT ************************

    Systems Affected

            100% of packet filtering systems, including commercial
            embedded devices
            (no unaffected system known at the moment)

    Risk

            low

    Overview

            Multiple vendors' implementations of a packet filtering
            engine do not check the level 4 checksum.
            This could be used by an attacker to perform an active
            analysis of a firewall ruleset and use OS fingerprinting
            tools with firewall response packets.

    Description

            It's possible to spot a firewall by sending a single packet
            with a broken level 4 checksum, if the firewall is configured
            to reply. This problem is present even if a transparent bridge
            is used.

            Example:
            sending a TCP SYN with a broken checksum, you'll receive a
            RST-ACK.

            The complete study is available at:
            http://www.phrack.org/phrack/60/p60-0x0c.txt

    Solution

            Disable reply.
            Apply the patch when available.

    ************************* Ed3f ********************0x000002*
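
Added example, not part of the original advisory: a sensor-side check that verifies the level 4 (TCP) checksum and lists SYNs that fail it, which is the validation the advisory says filtering engines skip before replying. The function names, addresses and sample packets are constructed for illustration; input is assumed to be raw IPv4/TCP packets.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP/TCP/UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum_ok(pkt: bytes) -> bool:
    """Verify the TCP checksum of one unfragmented IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", pkt[2:4])
    frag, = struct.unpack("!H", pkt[6:8])
    if pkt[0] >> 4 != 4 or pkt[9] != 6 or frag & 0x3FFF:
        raise ValueError("need an unfragmented IPv4/TCP packet")
    if total_len > len(pkt) or total_len < ihl + 20:
        return False  # truncated: cannot be verified, treat as invalid
    segment = pkt[ihl:total_len]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return ones_sum(pseudo + segment) == 0xFFFF

def bad_checksum_syns(packets):
    """Return (src, dst, dport) for each SYN whose TCP checksum fails."""
    hits = []
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4
        is_syn = pkt[ihl + 13] & 0x12 == 0x02  # SYN set, ACK clear
        if is_syn and not tcp_checksum_ok(pkt):
            dport, = struct.unpack("!H", pkt[ihl + 2:ihl + 4])
            hits.append((socket.inet_ntoa(pkt[12:16]),
                         socket.inet_ntoa(pkt[16:20]), dport))
    return hits

def sample_syn(src: str, dst: str, dport: int, corrupt: bool = False) -> bytes:
    """Constructed test packet (IP header checksum left 0; not checked here)."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    csum = ~ones_sum(s + d + struct.pack("!BBH", 0, 6, len(tcp)) + tcp) & 0xFFFF
    if corrupt:
        csum ^= 0x0100  # constructed stand-in for a broken level 4 checksum
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, s, d) + tcp

SAMPLES = [sample_syn("192.0.2.10", "198.51.100.5", 80),
           sample_syn("192.0.2.10", "198.51.100.5", 23, corrupt=True)]
```

An end host discards a segment that fails this check, so a RST-ACK returned for one can only have come from a device in the path; logging or silently dropping such packets at the filter removes that signal.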