Hi, what are you using to analize the traffic? symantec? if that's the case, looks like its a false positive from 2002.... do you have any snort alert?
regards, 2015-07-30 14:54 GMT-03:00 Ted Byers <[email protected]>: > How do we deal with this: > > TCP/IP Initial Sequence Number (ISN) Reuse Weakness > > This was identified in our pfsense virtual machines. Here is the remainder > of the report: > > Synopsis > The remote device seems to generate predictable TCP Initial Sequence > Numbers. > Description > The remote host seems to generate Initial Sequence Numbers (ISN) in a weak > manner which seems to solely depend > on the source and dest port of the TCP packets. > An attacker may exploit this flaw to establish spoofed connections to the > remote host. > 95 > The Raptor Firewall and Novell NetWare are known to be vulnerable to this > flaw, although other network devices may > be vulnerable as well. > See Also > http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html > http://securityresponse.symantec.com/avcenter/security/Content/2002.08.05.html > Solution > If you are using a Raptor Firewall, install the TCP security hotfix > described in Symantec's advisory. Otherwise, contact > your vendor for a patch. > Risk Factor > High > CVSS Base Score > 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P) > CVSS Temporal Score > 5.5 (CVSS2#E:U/RL:OF/RC:C) > References > BID 5387 > BID 8652 > CVE CVE-2002-1463 > XREF OSVDB:199 > > How do we deal with this. This was on pfsense v 2.2.4 > > Thanks > > Ted > > -- > R.E.(Ted) Byers, Ph.D.,Ed.D. <[email protected]> > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
