TUCoPS :: Network Appliances :: sb5900.htm

Filtering devices spotting
2nd Jan 2003 [SBWID-5900]
COMMAND

	Filtering devices spotting

SYSTEMS AFFECTED

	All packet filtering systems, including commercial embedded  devices
	(no unaffected system is known at the moment)

PROBLEM

	Ed3f [ed3f@overminder.com] says :
	
	Multiple vendors' implementations of a packet filtering engine  don't
	check the level 4 checksum. This could be used by an attacker to
	perform an active analysis of a firewall ruleset and use OS
	fingerprinting tools with firewall response packets.
	
	It's possible to spot a firewall by sending a single packet with a
	broken level 4 checksum if it is configured to reply. This problem
	is present even if a transparent bridge is used.
	
	 Example: sending a TCP SYN, you'll receive an RST-ACK.
	
	The complete study is available at:
	
	 http://www.phrack.org/phrack/60/p60-0x0c.txt
	
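	The probe described above, as an added example that is not part of
	Ed3f's report or the Phrack paper: a real TCP/IP stack verifies the
	TCP checksum (computed over the IPv4 pseudo-header plus the segment)
	and silently discards a SYN whose checksum is wrong, so any RST-ACK
	or SYN-ACK that comes back to such a SYN was generated by something
	that skipped the layer 4 check, i.e. the filtering device answering
	on behalf of the filtered host. The addresses, ports and function
	names are made up for the example; the optional sender at the bottom
	assumes a Linux raw socket (the kernel adds the IP header) and root.

```python
"""Bad-checksum SYN probe for spotting a filtering device that replies
without validating the layer 4 (TCP) checksum.  Added example, not code
from the advisory; hosts/ports below are constructed."""
import socket
import struct

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header followed by the segment."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return ones_complement_checksum(pseudo + segment)


def tcp_checksum_valid(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """The check an end host performs before TCP ever sees the segment:
    the checksum over pseudo-header + segment (checksum field included)
    must come out as zero."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


def build_tcp_header(sport, dport, seq, ack, flags, checksum=0, window=8192):
    # data offset 5 (20-byte header, no options), urgent pointer 0
    return struct.pack("!HHLLBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                       window, checksum, 0)


def build_syn_probe(src_ip, dst_ip, sport, dport, seq, corrupt=False):
    """A SYN with a correct checksum, or a deliberately broken one."""
    hdr = build_tcp_header(sport, dport, seq, 0, TCP_SYN)
    good = tcp_checksum(src_ip, dst_ip, hdr)
    # Flipping one bit always produces a value the receiver rejects: the
    # only two checksums that compare equal in one's complement arithmetic
    # are 0x0000 and 0xFFFF, and those differ in every bit.
    csum = good ^ 0x0001 if corrupt else good
    return build_tcp_header(sport, dport, seq, 0, TCP_SYN, checksum=csum)


def tcp_flags(segment: bytes) -> int:
    return segment[13]


def classify_reply(src_ip, dst_ip, probe, reply):
    """Interpret what came back for a bad-checksum SYN probe (reply is the
    TCP segment of the answer, or None if nothing was seen)."""
    if tcp_checksum_valid(src_ip, dst_ip, probe):
        raise ValueError("probe checksum is valid; the result proves nothing")
    if reply is None:
        return "dropped"          # what a real stack does (or a silent filter)
    flags = tcp_flags(reply)
    if flags & TCP_RST:
        return "filter-rst"       # RST(-ACK) to a bad checksum: L4 check skipped
    if flags & TCP_SYN and flags & TCP_ACK:
        return "filter-synack"    # same conclusion, port "open" on the filter
    return "other"


if __name__ == "__main__":
    import sys
    # Needs root.  The answer, if any, is observed with a sniffer (tcpdump).
    src, dst, dport = sys.argv[1], sys.argv[2], int(sys.argv[3])
    probe = build_syn_probe(src, dst, 40000, dport, 0x1234, corrupt=True)
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) as s:
        s.sendto(probe, (dst, 0))   # kernel supplies the IP header
    print("sent bad-checksum SYN to %s:%d; watch for an RST-ACK" % (dst, dport))
```

	Run it as `python3 probe.py <src_ip> <dst_ip> <port>` with tcpdump
	listening on the same interface: an RST-ACK (or SYN-ACK) back to a
	segment the destination's own stack would have dropped is the
	fingerprint of a filter that replies without validating the checksum.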

SOLUTION

	Configure the filtering device to silently drop filtered packets
	instead of replying (no RST, no ICMP), so that a broken-checksum probe
	gets no answer at all, as it would from a real host.
	
	Apply the vendor patch, when available, so the filter validates the
	level 4 checksum before generating any reply.
