Bugtraq mailing list archives
Filtering devices spotting
From: "Ed3f" <ed3f () overminder com>
Date: Wed, 1 Jan 2003 14:27:08 +0100
************************ SECURITY ALERT ************************ Systems Affected 100% of packet filtering systems included commercial embedded devices (no unaffected system known at the moment) Risk low Overview Multiple vendors' implementations of a packet filtering engine doesn't check the level 4 checksum. This could be used by an attacker to perform an active analysis of a firewall ruleset and use OS fingerprinting tools with firewall response packets. Description It's possible to spot a firewall by sending a single packet with a level 4 broken checksum if they are configured to reply. This problem is present even if a transparent bridge is used. Example: sending a TCP SYN you'll receive a RST-ACK. The complete study is available at: http://www.phrack.org/phrack/60/p60-0x0c.txt Solution Disable reply. Apply the patch when available. ************************* Ed3f ********************0x000002*
Current thread:
- Filtering devices spotting Ed3f (Jan 01)
- Re: Filtering devices spotting Darren Reed (Jan 02)