BugTraq
Filtering devices spotting Jan 01 2003 01:27PM
Ed3f (ed3f overminder com) (1 replies)

************************ SECURITY ALERT ************************

Systems Affected

100% of packet filtering systems, including commercial
embedded devices
(no unaffected system known at the moment)

Risk

low

Overview

Multiple vendors' implementations of a packet filtering
engine don't check the level 4 checksum.
This could be used by an attacker to perform an active
analysis of a firewall ruleset and use OS fingerprinting
tools with firewall response packets.

Description

It's possible to spot a firewall by sending a single packet
with a broken level 4 checksum if it is configured to
reply. This problem is present even if a transparent bridge
is used.

Example:
sending a TCP SYN you'll receive a RST-ACK.

The complete study is available at:
http://www.phrack.org/phrack/60/p60-0x0c.txt

Solution

Disable reply.
Apply the patch when available.

************************* Ed3f ********************0x000002*
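
The check the advisory says filtering engines skip, as an added example that is not part of the original post or of any vendor's patch: verify the TCP checksum over the IPv4 pseudo-header and segment before a reject rule is allowed to answer, and drop silently otherwise. The names `reject_rule`, `tcp_checksum_ok` and `tcp_checksum_fill` and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 one's-complement sum over big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)(p[0] << 8 | p[1]);
    if (len) acc += (uint32_t)p[0] << 8;      /* odd byte, zero padded */
    return acc;
}
static uint16_t fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}
/* Sum of IPv4 pseudo-header + TCP segment; 0xffff means the checksum is valid. */
static uint16_t tcp_sum(const uint8_t src[4], const uint8_t dst[4],
                        const uint8_t *seg, size_t len) {
    uint8_t ph[12] = {0};
    memcpy(ph, src, 4); memcpy(ph + 4, dst, 4);
    ph[9] = 6;                                 /* IPPROTO_TCP */
    ph[10] = (uint8_t)(len >> 8); ph[11] = (uint8_t)len;
    return fold(sum16(seg, len, sum16(ph, 12, 0)));
}
int tcp_checksum_ok(const uint8_t src[4], const uint8_t dst[4],
                    const uint8_t *seg, size_t len) {
    return len >= 20 && len <= 65535 && tcp_sum(src, dst, seg, len) == 0xffff;
}
/* Sender side, used here only to build the constructed sample packet. */
void tcp_checksum_fill(const uint8_t src[4], const uint8_t dst[4],
                       uint8_t *seg, size_t len) {
    seg[16] = seg[17] = 0;
    uint16_t c = (uint16_t)~tcp_sum(src, dst, seg, len);
    seg[16] = (uint8_t)(c >> 8); seg[17] = (uint8_t)c;
}
enum verdict { DROP_SILENT, REJECT_WITH_RST };
/* Hypothetical hook for a rule configured to reply: answer only segments a
   real end host would also have accepted, so the reply does not expose the filter. */
enum verdict reject_rule(const uint8_t src[4], const uint8_t dst[4],
                         const uint8_t *seg, size_t len) {
    return tcp_checksum_ok(src, dst, seg, len) ? REJECT_WITH_RST : DROP_SILENT;
}
int main(void) {
    /* Constructed sample: SYN from 192.0.2.1:12345 to 198.51.100.7:80 */
    uint8_t src[4] = {192, 0, 2, 1}, dst[4] = {198, 51, 100, 7};
    uint8_t syn[20] = {0x30, 0x39, 0x00, 0x50, 0,0,0,0, 0,0,0,0, 0x50, 0x02, 0x72, 0x10};
    tcp_checksum_fill(src, dst, syn, sizeof syn);
    printf("valid checksum  -> %d\n", reject_rule(src, dst, syn, sizeof syn));
    syn[17] ^= 0x01;                           /* break the checksum */
    printf("broken checksum -> %d\n", reject_rule(src, dst, syn, sizeof syn));
    return 0;
}
```

The sketch covers IPv4 TCP only; a filter that also replies to UDP (with ICMP errors) needs the equivalent check there.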

Re: Filtering devices spotting Jan 02 2003 05:32PM
Darren Reed (avalon coombs anu edu au)


 

Copyright 2010, SecurityFocus