
TCP SYN packets which have the FIN flag set.



Is this a serious problem?

When I run Nessus:

Test ID: 11618
Category: Firewalls
Title: Remote host replies to SYN+FIN
Summary: Sends a SYN+FIN packet and expects a SYN+ACK
Description:
The remote host does not discard TCP SYN packets which
have the FIN flag set.

Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.

See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113

Solution : Contact your vendor for a patch
Risk factor : Medium
Cross-Ref : BugTraq ID: 7487

Thanks,
--

 .''`.     Luis Pérez Meliá
: :'  :    
`. `'`     
  `-  Debian GNU/Linux
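
A defensive check for the condition the Nessus test reports, as an added example that is not part of the original message: it scans raw IPv4/TCP packets and lists those with both SYN and FIN set. The function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

FIN, SYN = 0x01, 0x02  # TCP flag bits (RFC 793)

def syn_fin_hits(packets):
    """Return (src, dst, dport) for each raw IPv4/TCP packet with SYN and FIN both set."""
    hits = []
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue  # not IPv4/TCP, or too short to hold an IP header
        ihl = (pkt[0] & 0x0F) * 4  # IP header length in bytes
        if ihl < 20 or len(pkt) < ihl + 14:
            continue  # malformed IHL, or TCP header cut before the flag byte
        flags = pkt[ihl + 13]
        if flags & (SYN | FIN) == (SYN | FIN):
            src = socket.inet_ntoa(pkt[12:16])
            dst = socket.inet_ntoa(pkt[16:20])
            dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
            hits.append((src, dst, dport))
    return hits

def build_packet(src, dst, dport, flags):
    """Build a minimal IPv4+TCP packet (checksums left at 0) for the sample data."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHLLBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

# Constructed sample traffic (documentation addresses, RFC 5737)
SAMPLE = [
    build_packet("192.0.2.10", "198.51.100.5", 80, SYN),               # normal SYN
    build_packet("192.0.2.66", "198.51.100.5", 22, SYN | FIN),         # SYN+FIN
    build_packet("192.0.2.10", "198.51.100.5", 80, 0x10 | FIN),        # normal FIN+ACK
    build_packet("192.0.2.66", "198.51.100.5", 25, SYN | FIN | 0x08),  # SYN+FIN+PSH
]

if __name__ == "__main__":
    for src, dst, dport in syn_fin_hits(SAMPLE):
        print(f"SYN+FIN from {src} to {dst}:{dport}")
```
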
