[fw-wiz] Cisco PIX vulnerable to TCP RST DOS attacks
From: Dario Calia (dario_calia_at_yahoo.com)
To: firstname.lastname@example.org
Date: Wed, 5 May 2004 11:46:25 -0700 (PDT)

PIX can and has done this as well.
When upgraded, the PIX will behave as described in the
following draft RFC.

>Apparently, Checkpoint can and did:
>"By upgrading to Check Point VPN-1/FireWall-1 R55
>HFA-03 or newer, customers
>are able to protect their entire network from this
>providing additional time and security until other
>systems and software can
>----- Original Message -----
>From: "Paul D. Robertson" <email@example.com>
>To: "Ahmed, Balal" <firstname.lastname@example.org>
>Sent: Wednesday, May 05, 2004 14:38
>Subject: Re: [fw-wiz] CIsco PIX vulnerable to TCP RST
>> On Wed, 5 May 2004, Ahmed, Balal wrote:
>> > If a PIX, or any other firewall/device for that matter, is performing
>> > NAPT/Hide NAT/PAT/NAT then as far as the TCP conversation is concerned
>> > a connection end point or a transit device?
>> If it's a proxy, or a termination point for a connection such as a VPN,
>> then it's an endpoint, if it's a filter or router, then it's a transit
>> It's possible for stateful filters to "fix" endpoint issues for this bug-
>> but it's not a default, and would have probably had to have been added
>> since the original advisory went out. I'd like to see the firewall
>> vendors who can step up and fix this one- it's a perfect "we can fix this
>> without having folks update every system" thing that firewalls SHOULD fix.
---
>> Paul D. Robertson "My statements in this message are personal opinions
>> email@example.com which may have no basis whatsoever in fact."
>> firstname.lastname@example.org Director of Risk Assessment TruSecure Corporation
>> _______________________________________________
>> firewall-wizards mailing list
>> email@example.com
>> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards