COMMAND

	
		Sygate Personal Firewall IP Spoofing Vulnerability
	
	

SYSTEMS AFFECTED

	
		Sygate Personal Firewall 5.0
	
	

PROBLEM

	
		In   Abraham   Lincoln   Hao   [abraham@nssolution.com]   and   SunNinja
		[SunNinja@Scientist.com] advisory [NSSI-2002-sygatepfw5] :
		

		--snipp--
		

		- SPF is vulnerable with IP Spoofing attack by Scanning the host with  a
		source ip address 127.0.0.1 or network address 127.0.0.0.  The  Attacker
		could scan or attack the target  host  without  being  detected  by  the
		personal firewall. This vulnerability is very serious  w/c  an  attacker
		could start a Denial of Service attack against the  spf  protected  host
		and launch any form of attack.
		

		- To those who wants to try to simulate the vulnerability, you  may  use
		source address 127.0.0.1 - 127.0.0.255 ;)
		

		--snipp--
	
	

SOLUTION

	
		 Patch:

		 =====

		

		Check : http://www.sygate.Com
		

		 Workaround:

		 ==========

		

		 1] Set the SPF to BLOCK ALL mode setting which i don't think the user would do ;) 

		    This type of setting would block everything all incoming request and outgoing.

		

		 2] Block source address 127.0.0.1 or 127.0.0.0 network address manually in Advance