On Wed, Mar 22, 2000 at 02:25:16AM +1100, Darren Reed wrote:
The general gist of this problem is poorly implemented TCP connection
state tracking. You *must* track window sizes and sequence numbers
and acknowledgments to at least reduce the chance of any given TCP
packet from "outside"
Recieved from Darren Reed:
There have been many different ways in which it has been possible to
exercise this particular target, over the years. The general problem
here is that the PIX doesn't really provide connection security like
it should and if FW-1 is vulnerable to the same problem, then
In some mail from Andrew Alston, sie said:
[...]
On recieving a RST packet (TCP Reset) from a given host with the correct
source and destination port, the PIX will drop the state entry for that
particular connection, which means the tcp connection dies due to the fact
that no state entry the
A brief rundown of the problem.
If you run routable ips on your internal interface on your pix, and
routeable ips on your external interface, so the pix is not running nat,
the pix keeps a state table of everything going on. Anything that is not
in your state table that attempts to come in from