Filtering devices spotting

From: Ed3f (ed3fat_private)
Date: Wed Jan 01 2003 - 05:27:08 PST


    ************************ SECURITY ALERT ************************
    
    
    Systems Affected
    
    	100% of packet filtering systems, including commercial
    	embedded devices
    	(no unaffected system known at the moment)
    
    
    Risk
    
    	low
    
    
    Overview
    
    	Multiple vendors' implementations of a packet filtering
    	engine don't check the level 4 checksum.
    	An attacker could use this to perform an active
    	analysis of a firewall ruleset and to run OS fingerprinting
    	tools against the firewall's response packets.
    
    
    Description
    
    	It's possible to spot a firewall by sending a single packet
    	with a broken level 4 checksum, if the firewall is configured
    	to reply. This problem is present even if a transparent bridge
    	is used.
    
    	Example:
    	sending a TCP SYN with a broken checksum, you'll receive a
    	RST-ACK.
    
    	The complete study is available at:
    	http://www.phrack.org/phrack/60/p60-0x0c.txt
    
    
    Solution
    
    	Disable reply.
    	Apply the patch when available.
    
    
    
    *************************   Ed3f   ********************0x000002*
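
The check the advisory says filtering engines skip, as an added example (not code from the advisory or from any vendor patch): verify the TCP checksum over the IPv4 pseudo-header before the reject path generates a reply, and drop silently on mismatch as an end host would. The `filter_action` policy function, the addresses and the sample SYN are constructed assumptions for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, seg_len: int) -> bytes:
    # IPv4 pseudo-header: source, destination, zero, protocol 6 (TCP), TCP length
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, seg_len))

def tcp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """True when the checksum carried in the TCP segment verifies."""
    if len(segment) < 20:  # shorter than a minimal TCP header
        return False
    # Summing a segment that already holds a correct checksum yields 0
    return inet_checksum(pseudo_header(src, dst, len(segment)) + segment) == 0

def filter_action(src: str, dst: str, segment: bytes, rule_rejects: bool) -> str:
    """Hypothetical reject path: validate the checksum before answering."""
    if not tcp_checksum_ok(src, dst, segment):
        return "drop-silently"  # no reply, so the filter does not reveal itself
    return "reply-rst" if rule_rejects else "forward"

def build_syn(src: str, dst: str, sport: int, dport: int, seq: int = 0x1000) -> bytes:
    """Constructed sample input: minimal 20-byte SYN with a valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      5 << 4, 0x02, 65535, 0, 0)
    csum = inet_checksum(pseudo_header(src, dst, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

if __name__ == "__main__":
    SRC, DST = "192.0.2.10", "198.51.100.20"  # documentation addresses
    good = build_syn(SRC, DST, 40000, 80)
    bad = good[:16] + bytes([good[16] ^ 0xFF]) + good[17:]  # corrupt checksum
    print(filter_action(SRC, DST, good, True))
    print(filter_action(SRC, DST, bad, True))
```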
    


