Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Network Appliances :: sb5900.htm

Filtering devices spotting
2nd Jan 2003 [SBWID-5900]

	Filtering devices spotting


	ALL of packet filtering systems  included  commercial  embedded  devices
	(no unaffected system known at the moment)


	Ed3f [] says :
	Multiple vendors' implementations of a packet filtering  engine  doesn't
	check the level 4 checksum.  This  could  be  used  by  an  attacker  to
	perform  an  active  analysis  of  a  firewall  ruleset   and   use   OS
	fingerprinting tools with firewall response packets.
	It's possible to spot a firewall by  sending  a  single  packet  with  a
	level 4 broken checksum if they are configured to  reply.  This  problem
	is present even if a transparent bridge is used.
	 Example: sending a TCP SYN you'll receive a RST-ACK.
	The complete study is available at:


	Disable reply.
	Apply the patch when available.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH