Re: [pfSense] weakness reported by scanner in pfsense
On Thu, Jul 30, 2015 at 12:54 PM, Ted Byers wrote:
> How do we deal with this:
>
> TCP/IP Initial Sequence Number (ISN) Reuse Weakness

Ask your scanner vendor. That check blindly trusts OS identification in a case where it's just making a guess at the OS (of OpenBSD 4.0 as the closest match, but not that close of a match). It's a false positive.

https://forum.pfsense.org/index.php?topic=88601.0

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] weakness reported by scanner in pfsense
Hi,

What are you using to analyze the traffic? Symantec? If that's the case, it looks like it's a false positive from 2002.

Do you have any Snort alerts?

Regards,

2015-07-30 14:54 GMT-03:00 Ted Byers :
> How do we deal with this:
>
> TCP/IP Initial Sequence Number (ISN) Reuse Weakness
>
> This was identified in our pfsense virtual machines. Here is the remainder
> of the report:
>
> Synopsis
> The remote device seems to generate predictable TCP Initial Sequence
> Numbers.
> Description
> The remote host seems to generate Initial Sequence Numbers (ISN) in a weak
> manner which seems to solely depend
> on the source and dest port of the TCP packets.
> An attacker may exploit this flaw to establish spoofed connections to the
> remote host.
> 95
> The Raptor Firewall and Novell NetWare are known to be vulnerable to this
> flaw, although other network devices may
> be vulnerable as well.
> See Also
> http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
> http://securityresponse.symantec.com/avcenter/security/Content/2002.08.05.html
> Solution
> If you are using a Raptor Firewall, install the TCP security hotfix
> described in Symantec's advisory. Otherwise, contact
> your vendor for a patch.
> Risk Factor
> High
> CVSS Base Score
> 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
> CVSS Temporal Score
> 5.5 (CVSS2#E:U/RL:OF/RC:C)
> References
> BID 5387
> BID 8652
> CVE CVE-2002-1463
> XREF OSVDB:199
>
> How do we deal with this. This was on pfsense v 2.2.4
>
> Thanks
>
> Ted
>
> --
> R.E.(Ted) Byers, Ph.D.,Ed.D.
[pfSense] weakness reported by scanner in pfsense
How do we deal with this:

TCP/IP Initial Sequence Number (ISN) Reuse Weakness

This was identified in our pfsense virtual machines. Here is the remainder of the report:

Synopsis
The remote device seems to generate predictable TCP Initial Sequence Numbers.

Description
The remote host seems to generate Initial Sequence Numbers (ISN) in a weak manner which seems to solely depend on the source and dest port of the TCP packets.
An attacker may exploit this flaw to establish spoofed connections to the remote host.
95
The Raptor Firewall and Novell NetWare are known to be vulnerable to this flaw, although other network devices may be vulnerable as well.

See Also
http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
http://securityresponse.symantec.com/avcenter/security/Content/2002.08.05.html

Solution
If you are using a Raptor Firewall, install the TCP security hotfix described in Symantec's advisory. Otherwise, contact your vendor for a patch.

Risk Factor
High

CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)

References
BID 5387
BID 8652
CVE CVE-2002-1463
XREF OSVDB:199

How do we deal with this. This was on pfsense v 2.2.4

Thanks

Ted

--
R.E.(Ted) Byers, Ph.D.,Ed.D.
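
One way to check the scanner's claim directly instead of relying on its OS guess, as an added example that is not part of the thread: the report says the ISN "seems to solely depend on the source and dest port", so repeated handshakes from one port pair would return the same ISN in every SYN-ACK. The capture lines, addresses, ISN values and the `isn_reuse` helper below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed "tcpdump -n -S" lines (documentation addresses, made-up ISNs).
# A test client reconnects three times from the same source port 40000.
WEAK_CAPTURE = """\
10:00:01.000000 IP 192.0.2.1.443 > 198.51.100.7.40000: Flags [S.], seq 305419896, ack 1001, win 65535, length 0
10:00:01.000400 IP 198.51.100.7.40000 > 192.0.2.1.443: Flags [.], ack 305419897, win 1024, length 0
10:00:31.000000 IP 192.0.2.1.443 > 198.51.100.7.40000: Flags [S.], seq 305419896, ack 2001, win 65535, length 0
10:01:01.000000 IP 192.0.2.1.443 > 198.51.100.7.40000: Flags [S.], seq 305419896, ack 3001, win 65535, length 0
"""
HEALTHY_CAPTURE = """\
10:00:01.000000 IP 192.0.2.1.443 > 198.51.100.7.40000: Flags [S.], seq 2874561023, ack 1001, win 65535, length 0
10:00:31.000000 IP 192.0.2.1.443 > 198.51.100.7.40000: Flags [S.], seq 911203377, ack 2001, win 65535, length 0
10:01:01.000000 IP 192.0.2.1.443 > 198.51.100.7.40000: Flags [S.], seq 3550018842, ack 3001, win 65535, length 0
"""

# Matches only SYN-ACK lines: "IP <host>.<port> > <host>.<port>: Flags [S.], seq N,"
SYNACK = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[S\.\], seq (\d+),")


def parse_synacks(text):
    """Yield (server_port, client_port, isn) for each SYN-ACK in the capture."""
    for line in text.splitlines():
        m = SYNACK.search(line)
        if m:
            yield int(m.group(2)), int(m.group(4)), int(m.group(5))


def isn_reuse(text, min_samples=3):
    """Return {(server_port, client_port): isn} for port pairs whose ISN was
    identical across at least min_samples separate handshakes."""
    by_pair = defaultdict(list)
    for sport, dport, isn in parse_synacks(text):
        by_pair[(sport, dport)].append(isn)
    return {pair: isns[0] for pair, isns in by_pair.items()
            if len(isns) >= min_samples and len(set(isns)) == 1}


if __name__ == "__main__":
    for name, cap in (("weak", WEAK_CAPTURE), ("healthy", HEALTHY_CAPTURE)):
        hits = isn_reuse(cap)
        print(name, "-> ISN reuse on", hits if hits else "no port pair")
```

An empty result on a capture taken from the device itself supports treating the finding as a false positive.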