Hi, I just ran a port scan from www.vulnerabilities.org and came up with the following security warnings. I am using stock Dachstein CD rc5 with the following chains added to the end of ipfilter.conf.

    # Router Call
    $IPCH -I input -i eth0 -p 17 -s x.x.17.145 -j DENY
    # Router Call
    $IPCH -I input -i eth0 -p 2 -s x.x.17.145 -j DENY
    # Broadcast messages
    $IPCH -I input -i eth0 -p 17 -s 0/0 -d 255.255.255.255 -j DENY
    # Code Red
    $IPCH -I input -i eth0 -p 6 -y -s 0/0 -d x.x.17.149 :80 -j DENY

Regarding the warning about port 9, shall I insert the following ipchains rule at the end of ipfilter.conf?

    $IPCH -I input -i eth0 -p 17 -s 0/0 -d 0/0 :9 -j DENY

What can I do about the non-random IP IDs?

Thanks
Robert

------------------------------------------------
Security Warning found on port general/tcp

The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the ip packets sent by this host.
An attacker may use this feature to determine if the remote host sent a packet in reply to another request. This may be used for portscanning and other things.

Solution : Contact your vendor for a patch
Risk factor : Low

-----------------------------------------------
Vulnerability found on port discard (9/udp)

It was possible to make the remote Ascend router reboot by sending it a UDP packet containing special data on port 9 (discard).
A cracker may use this flaw to make your router crash continuously, preventing your network from working properly.

Solution : filter the incoming UDP traffic coming to port 9. Contact Ascend for a solution.
Risk factor : High
CVE : CVE-1999-0060 <http://cgi.nessus.org/cve.php3?cve=CVE-1999-0060>

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
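
The "non-random IP IDs" warning quoted in the post comes down to whether consecutive ip_id values sent by the host follow a counter. As an added example (not part of the original post and not Nessus code), the Python below classifies a list of ip_id values observed in a host's own outgoing packets; the sample values and the `max_step` threshold are constructed assumptions.

```python
"""Classify a host's IP ID behaviour from ip_id values seen in its packets."""

MOD = 1 << 16  # ip_id is a 16-bit field, so differences are taken modulo 65536


def swap16(v):
    """Byte-swap a 16-bit value (a counter kept in little-endian host order)."""
    return ((v & 0xFF) << 8) | (v >> 8)


def deltas(ids):
    """Forward differences between consecutive IDs, wraparound-aware."""
    return [(b - a) % MOD for a, b in zip(ids, ids[1:])]


def classify(ids, max_step=128):
    """Return 'constant', 'incremental', 'incremental-byteswapped' or 'random'.

    max_step is an assumed threshold: a single global counter on a lightly
    loaded host advances only a little between two closely spaced packets.
    """
    if len(ids) < 4:
        raise ValueError("need at least 4 samples")
    if len(set(ids)) == 1:
        return "constant"
    candidates = (("incremental", ids),
                  ("incremental-byteswapped", [swap16(v) for v in ids]))
    for label, seq in candidates:
        if all(0 < d <= max_step for d in deltas(seq)):
            return label
    return "random"


# Constructed sample sequences (not taken from the scan in the post).
SEQ_COUNTER = [65533, 65534, 65535, 0, 1, 3]     # counter crossing the 16-bit wrap
SEQ_SWAPPED = [65280, 1, 257, 513]               # 255..258 seen byte-swapped
SEQ_RANDOM = [40211, 1877, 59002, 23456, 911]    # no usable pattern
SEQ_ZERO = [0, 0, 0, 0]

if __name__ == "__main__":
    for name, seq in [("counter", SEQ_COUNTER), ("swapped", SEQ_SWAPPED),
                      ("random", SEQ_RANDOM), ("zero", SEQ_ZERO)]:
        print(f"{name:8s} -> {classify(seq)}")
```

The input values would be the `id` field that `tcpdump -v` prints for packets leaving the firewall; a result of "incremental" or "incremental-byteswapped" matches the condition the warning describes.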
