Martinez, Mike (MHS-ACS)
2002-Nov-21 17:53 UTC
[Shorewall-users] Initial Sequence Numbers (ISN) vulnerability
FYI on the ISN vulnerability: I found a really good article on the Initial Sequence Numbers (ISN) vulnerability, and according to this article all Linux Kernels after 1996 are not affected by this vulnerability.

http://www.linuxsecurity.com/articles/security_sources_article-2968.html

I found another article that stated: Operating systems that have been reported to be safe from practical attacks are: Cisco IOS, OpenBSD 2.8-current, FreeBSD 4.3-RELEASE, AIX, HP/UX 11i, and all Linux Kernels after 1996. It did say that Red Hat Linux 7.1's mount package was vulnerable to predictable initial sequence number attacks.

http://linux.oreillynet.com/pub/a/linux/2001/05/08/insecurities.html

Mike

-----Original Message-----
From: David Corbin [mailto:dcorbin@machturtle.com]
Sent: Wednesday, November 20, 2002 8:02 PM
To: Shorewall
Subject: [Shorewall-users] Thanks + Question

I've recently installed shorewall, because I introduced a DMZ to my home network, and I was having trouble figuring how to get iptables to do what I want. Shorewall made it very easy, and very clear to me. So first off, thanks.

Secondly, I have a question. I had a friend run Nessus against my system. It reported the following --

---start---
*Vulnerability found on port ssh (22/tcp)*
The remote host seems to generate Initial Sequence Numbers (ISN) in a weak maner which seems to solely depend on the source and dest port of the TCP packets.
The Raptor Firewall is known to be vulnerable to this flaw, as may others be.
An attacker may use this flaw to establish spoofed connections to the remote host.
Solution : If you are using a Raptor Firewall, see http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html or else contact your vendor for a patch
Risk factor : High
---end---

1) Could Shorewall be contributing this problem? I don't understand what the role of a firewall is in generating ISNs.
2) Does shorewall implicitly defend against spoofing?

Thanks.
David

_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users
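To illustrate the two points in this thread (the host's TCP stack, not the packet filter, chooses ISNs, and a port-only scheme is exactly the weakness the Nessus plugin describes), here is an added Python sketch that is not code from the list, from Shorewall or from Nessus: a toy port-only generator next to the keyed-hash scheme of RFC 1948, which is what makes a kernel's ISN depend on more than the port pair, plus a check for the property the plugin reports. The secret, addresses and ports are constructed sample values.

```python
import hashlib
import struct

# Constructed, hypothetical secret; a real kernel draws it from its RNG at boot.
SECRET = b"example-boot-secret-not-real"


def weak_isn(src_ip, sport, dst_ip, dport, usec):
    """Toy generator with the defect the Nessus plugin describes: the ISN is a
    function of the port pair only, so neither the source address nor the clock
    plays any role. Not any real stack's code."""
    return (sport * 65537 + dport * 4099) & 0xFFFFFFFF


def rfc1948_isn(src_ip, sport, dst_ip, dport, usec):
    """RFC 1948 style: ISN = M + F(4-tuple, secret), where M is a 4-microsecond
    clock and F is a keyed hash over the connection identifiers. `usec` is the
    caller's microsecond clock reading (passed in so runs are repeatable)."""
    ident = f"{src_ip}|{sport}|{dst_ip}|{dport}".encode() + SECRET
    f_val = struct.unpack("!I", hashlib.md5(ident).digest()[:4])[0]
    m_val = (usec // 4) & 0xFFFFFFFF
    return (m_val + f_val) & 0xFFFFFFFF


def ignores_source_host(isn_fn, sport=40000, dport=22, usec=1_000_000):
    """Defender's check for the property Nessus reported: if two connections
    that share a port pair but come from different source addresses get the
    same ISN, the generator ignores who is connecting, so the ISN a spoofed
    peer would receive is the same one any other host sees. Addresses are
    RFC 5737 documentation ranges (constructed sample input)."""
    a = isn_fn("192.0.2.10", sport, "198.51.100.5", dport, usec)
    b = isn_fn("192.0.2.11", sport, "198.51.100.5", dport, usec)
    return a == b


def clock_advance(isn_fn, usec_a, usec_b, src_ip="192.0.2.10", sport=40000,
                  dst_ip="198.51.100.5", dport=22):
    """How far the ISN for one and the same 4-tuple moves between two clock
    readings; 0 means a repeat connection gets exactly the same ISN."""
    a = isn_fn(src_ip, sport, dst_ip, dport, usec_a)
    b = isn_fn(src_ip, sport, dst_ip, dport, usec_b)
    return (b - a) & 0xFFFFFFFF


if __name__ == "__main__":
    print("weak generator ignores source host:", ignores_source_host(weak_isn))
    print("RFC 1948 generator ignores source host:", ignores_source_host(rfc1948_isn))
    print("RFC 1948 ISN advance over 4000 us:", clock_advance(rfc1948_isn, 0, 4000))
```

Because the ISN is produced by the end host's kernel when it answers a SYN, a packet filter in front of it (Shorewall's iptables rules included) neither creates nor fixes this finding; it only decides which SYNs reach the host.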