Hello there, This can be applied also to Firewall-1 (CheckPoint) running on an HP-UX 10.X series. bye bye -- gg sullivan -- Lorenzo Cavallaro Intesis SECURITY LAB Phone: +39-2-671563.1 Via Settembrini, 35 Fax: +39-2-66981953 I-20124 Milano ITALY Email: sullivanat_private On Tue, 1 Sep 1998, Roy Hills wrote: > Date: Tue, 1 Sep 1998 09:55:24 +0100 > From: Roy Hills <Roy.Hills@NTA-MONITOR.COM> > To: BUGTRAQat_private > Subject: Borderware predictable initial TCP sequence numbers > > While performing an Internet security scan (aka penetration test) for a UK > corporate customer, I've discovered that version 5 of Borderware Firewall > generates predictable initial TCP sequence numbers in response to incoming > SYNs. The observed pattern is the familiar "64k increments" often seen > on older Unix kernels. This allows TCP connections to be established > with a spoofed source address. [snip] > > -- > Roy Hills Tel: 01634 721855 > NTA Monitor Ltd FAX: 01634 721844 > 6 Beaufort Court, Medway City Estate, Email: Roy.Hills@nta-monitor.com > Rochester, Kent ME2 4FB, UK WWW: http://www.nta-monitor.com/ >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:47 PDT