
Denial of Service: TCP Sequence Number Approximation Reset Denial of Service Vulnerab

I am running ASG 9.003 (latest).
I run Security Space Advanced Security Audit (it is the paid full-scale audit) regularly, and I noticed new vulnerabilities on my machine without many changes.
I assume Security Space added some detection and now I need to fix my ASG either with patches or better configuration.

Denial of Service: TCP Sequence Number Approximation Reset Denial of Service Vulnerability

general/tcp

Overview: The host is running TCP services and is prone to denial of service
vulnerability.

Vulnerability Insight:
The flaw is triggered when spoofed TCP Reset packets are received by the
targeted TCP stack and will result in loss of availability for the attacked
TCP services.

Impact:
Successful exploitation will allow remote attackers to guess sequence numbers
and cause a denial of service to persistent TCP connections by repeatedly
injecting a TCP RST packet.

Impact Level: System

Affected Software/OS:
TCP

Fix: Please see the referenced advisories for more information on obtaining
and applying fixes.

References:
4030: TCP/IP Sequence Prediction Blind Reset Spoofing DoS
ISS X-Force Database: tcp-rst-dos(15886): TCP spoofed reset denial of service
US-CERT Alert TA04-111A - Vulnerabilities in TCP
IBM IY55949: SECURITY: TCP CONNECTIONS MAY BE RESET CAUSING A DOS - United States
IBM IY55950: SECURITY: TCP CONNECTIONS MAY BE RESET CAUSING A DOS - United States
IBM IY62006: SECURITY: TCP CONNECTIONS MAY BE RESET CAUSING A DOS - United States
Microsoft Security Bulletin MS05-019 - Critical : Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
Microsoft Security Bulletin MS06-064 - Important : Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
TCP Vulnerabilities in Multiple Non-IOS Cisco Products  [Products & Services] - Cisco Systems
TCP Vulnerabilities in Multiple Non-IOS Cisco Products  [Products & Services] - Cisco Systems


  • It seems like this has been discussed here before, and that this was a false positive.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA