Bugtraq mailing list archives
Re: PIX DMZ Denial of Service - TCP Resets
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Wed, 22 Mar 2000 02:25:16 +1100
In some mail from Andrew Alston, sie said: [...]
On receiving a RST packet (TCP Reset) from a given host with the correct source and destination port, the PIX will drop the state entry for that particular connection, which means the tcp connection dies due to the fact that no state entry the external box can no longer talk to the internal box.
[...]
seq = rand() % time(NULL); /* Randomize our #'s */
ack = rand() % time(NULL); /* Randomize ack #'s */
[...]

There have been many different ways in which it has been possible to exercise this particular target, over the years. The general problem here is that the PIX doesn't really provide connection security like it should and if FW-1 is vulnerable to the same problem, then I should be a millionaire (;-) by now.

The general gist of this problem is poorly implemented TCP connection state tracking. You *must* track window sizes and sequence numbers and acknowledgments to at least reduce the chance of any given TCP packet from "outside" actually being part of that connection.

Darren
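
The sequence and window tracking called for in the reply above, shown as an added example (not code from the original posts or from any firewall product): a RST that matches the address/port state entry is honoured only if its sequence number falls inside the window the receiver last advertised. The struct, enum and function names are hypothetical, and the sample state is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical state a firewall keeps for one direction of a tracked
 * TCP connection (names are illustrative, not from any product). */
struct flow_dir {
    uint32_t next_seq; /* next sequence number expected from this sender */
    uint32_t window;   /* receive window last advertised by the other end */
};

enum verdict { DROP_PACKET, TEAR_DOWN_STATE };

/* True if seq lies in [lo, lo + len) using modulo-2^32 arithmetic,
 * so the comparison stays correct when the window wraps past 0. */
static bool seq_in_window(uint32_t seq, uint32_t lo, uint32_t len)
{
    return (uint32_t)(seq - lo) < len;
}

/* Decide what to do with a RST whose addresses and ports already match
 * the state entry. Matching the 4-tuple alone is not enough: the RST must
 * also carry a sequence number the receiver would accept. */
enum verdict check_rst(const struct flow_dir *sender, uint32_t seq)
{
    if (sender->window == 0) /* zero window: only the exact next byte is valid */
        return seq == sender->next_seq ? TEAR_DOWN_STATE : DROP_PACKET;
    return seq_in_window(seq, sender->next_seq, sender->window)
               ? TEAR_DOWN_STATE : DROP_PACKET;
}

int main(void)
{
    /* Constructed sample state: window straddles the 2^32 wrap point. */
    struct flow_dir outside = { 0xFFFFFF00u, 0x200u };
    uint32_t samples[] = { 0xFFFFFF00u, 0x00000050u, 0x00000100u, 0x12345678u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("RST seq=0x%08x -> %s\n", (unsigned)samples[i],
               check_rst(&outside, samples[i]) == TEAR_DOWN_STATE
                   ? "tear down state" : "drop, keep state");
    return 0;
}
```

With a 0x200-byte window, a RST with a randomly chosen sequence number lands in range roughly once in 2^23 attempts, instead of every time as with a port-only match.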