Re: Borderware predictable initial TCP sequence numbers

From: Gigi Sullivan (sullivanat_private)
Date: Wed Sep 02 1998 - 01:56:52 PDT

    Hello there,
    
    This can be applied also to Firewall-1 (CheckPoint) running on an
    HP-UX 10.X series.
    
    
    bye bye
    
    
                            -- gg sullivan
    
    --
    Lorenzo Cavallaro
    Intesis SECURITY LAB            Phone: +39-2-671563.1
    Via Settembrini, 35             Fax: +39-2-66981953
    I-20124 Milano  ITALY           Email: sullivanat_private
    
    
    On Tue, 1 Sep 1998, Roy Hills wrote:
    
    > Date: Tue, 1 Sep 1998 09:55:24 +0100
    > From: Roy Hills <Roy.Hills@NTA-MONITOR.COM>
    > To: BUGTRAQat_private
    > Subject: Borderware predictable initial TCP sequence numbers
    >
    > While performing an Internet security scan (aka penetration test) for a UK
    > corporate customer, I've discovered that version 5 of Borderware Firewall
    > generates predictable initial TCP sequence numbers in response to incoming
    > SYNs.  The observed pattern is the familiar "64k increments" often seen
    > on older Unix kernels.  This allows TCP connections to be established
    > with a spoofed source address.
    
    [snip]
    
    >
    > --
    > Roy Hills                                    Tel:   01634 721855
    > NTA Monitor Ltd                              FAX:   01634 721844
    > 6 Beaufort Court, Medway City Estate,        Email: Roy.Hills@nta-monitor.com
    > Rochester, Kent ME2 4FB, UK                  WWW:   http://www.nta-monitor.com/
    >
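
The "64k increments" pattern in the quoted report can be audited from the defender's side by sampling the initial sequence numbers a device returns in its SYN-ACKs and looking at their differences. The following is an added example, not part of either message: the function names, the `min_step` threshold and all sample values are constructed, and the 64000 step is an assumed reading of "64k".

```python
from functools import reduce
from math import gcd

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Forward differences between consecutive ISNs, modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def classify_isns(isns, min_step=1024):
    """Classify ISNs taken from consecutive SYN-ACKs of one device.

    Returns (verdict, step):
      'constant'      every delta is identical
      'fixed-step'    all deltas are multiples of one large step, as
                      happens when other connections consumed some of
                      the increments between two samples
      'no-fixed-step' no common step found (not a proof of randomness)
    min_step is an assumed cut-off below which a common divisor is
    treated as coincidence.
    """
    if len(isns) < 4:
        raise ValueError("need at least 4 samples")
    deltas = isn_deltas(isns)
    if len(set(deltas)) == 1:
        return "constant", deltas[0]
    step = reduce(gcd, deltas)
    if step >= min_step:
        return "fixed-step", step
    return "no-fixed-step", step


# Constructed samples, not captured from any real device.
# Step of 64000 with a counter that wraps past 2^32 mid-series.
WEAK_SAMPLE = [4294900000, 4294964000, 124704, 188704, 380704]
# Deltas here include two consecutive integers, so no common step exists.
STRONG_SAMPLE = [305419896, 1305419903, 2305419911, 3083197688, 788230392]

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("strong", STRONG_SAMPLE)):
        print(name, classify_isns(sample))
```

A "no-fixed-step" verdict only rules out this one pattern; time-based or otherwise structured generators need statistical tests on a larger sample.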
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:47 PDT