How do we deal with this: TCP/IP Initial Sequence Number (ISN) Reuse Weakness
This was identified in our pfSense virtual machines. Here is the remainder of the report:

Synopsis
The remote device seems to generate predictable TCP Initial Sequence Numbers.

Description
The remote host seems to generate Initial Sequence Numbers (ISN) in a weak manner which seems to solely depend on the source and dest port of the TCP packets.

An attacker may exploit this flaw to establish spoofed connections to the remote host.

The Raptor Firewall and Novell NetWare are known to be vulnerable to this flaw, although other network devices may be vulnerable as well.

See Also
http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
http://securityresponse.symantec.com/avcenter/security/Content/2002.08.05.html

Solution
If you are using a Raptor Firewall, install the TCP security hotfix described in Symantec's advisory. Otherwise, contact your vendor for a patch.

Risk Factor
High

CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)

References
BID 5387
BID 8652
CVE CVE-2002-1463
XREF OSVDB:199

How do we deal with this? This was on pfSense v 2.2.4

Thanks

Ted

--
R.E.(Ted) Byers, Ph.D.,Ed.D. <[email protected]>
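An added example, not part of the original post and not the scanner's own logic: one way to check the report's claim that the ISN depends solely on the source and destination port, by grouping the ISNs seen in the device's SYN-ACK replies (for instance from a packet capture of repeated connections) by port pair. The sample tuples and the function name `isn_port_dependence` are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations, not real capture data: (source port, destination
# port, ISN from the device's SYN-ACK), several connections per port pair.
WEAK_SAMPLES = [
    (40001, 443, 0x1A2B3C4D), (40001, 443, 0x1A2B3C4D), (40001, 443, 0x1A2B3C4D),
    (40002, 443, 0x5E6F7081), (40002, 443, 0x5E6F7081),
    (40001, 80, 0x99AABBCC), (40001, 80, 0x99AABBCC),
]
STRONG_SAMPLES = [
    (40001, 443, 0x0F3A91C2), (40001, 443, 0xB7D20455), (40001, 443, 0x62E8AA10),
    (40002, 443, 0xD4416B9E), (40002, 443, 0x2890F7C3),
    (40001, 80, 0x7C15E0A8), (40001, 80, 0xE3B94D26),
]


def isn_port_dependence(samples, min_repeats=2):
    """Report whether the ISN repeats whenever the port pair repeats."""
    by_pair = defaultdict(list)
    for sport, dport, isn in samples:
        by_pair[(sport, dport)].append(isn & 0xFFFFFFFF)  # ISNs are 32-bit

    # Only port pairs seen at least min_repeats times can show reuse.
    tested = {pair: isns for pair, isns in by_pair.items() if len(isns) >= min_repeats}
    constant = sorted(pair for pair, isns in tested.items() if len(set(isns)) == 1)
    # One fixed ISN for every pair is a different weakness, so count distinct values.
    distinct_across_pairs = len({isns[0] for isns in tested.values()})

    if not tested:
        verdict = "inconclusive"      # no port pair was observed often enough
    elif len(constant) == len(tested) and distinct_across_pairs > 1:
        verdict = "port-determined"   # matches the report's description
    elif not constant:
        verdict = "not reproduced"    # ISN varies for a fixed port pair
    else:
        verdict = "partial"           # mixed result, collect more samples
    return {"pairs_tested": len(tested), "pairs_constant": constant, "verdict": verdict}


if __name__ == "__main__":
    for name, data in (("weak", WEAK_SAMPLES), ("strong", STRONG_SAMPLES)):
        print(name, isn_port_dependence(data))
```

A "not reproduced" verdict on real samples suggests the finding should be re-tested before escalating to the vendor; a "port-determined" verdict is the evidence to attach to that request.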
