|
COMMAND Sygate Personal Firewall IP Spoofing Vulnerability SYSTEMS AFFECTED Sygate Personal Firewall 5.0 PROBLEM In Abraham Lincoln Hao [abraham@nssolution.com] and SunNinja [SunNinja@Scientist.com] advisory [NSSI-2002-sygatepfw5] : --snipp-- - SPF is vulnerable with IP Spoofing attack by Scanning the host with a source ip address 127.0.0.1 or network address 127.0.0.0. The Attacker could scan or attack the target host without being detected by the personal firewall. This vulnerability is very serious w/c an attacker could start a Denial of Service attack against the spf protected host and launch any form of attack. - To those who wants to try to simulate the vulnerability, you may use source address 127.0.0.1 - 127.0.0.255 ;) --snipp-- SOLUTION Patch: ===== Check : http://www.sygate.Com Workaround: ========== 1] Set the SPF to BLOCK ALL mode setting which i don't think the user would do ;) This type of setting would block everything all incoming request and outgoing. 2] Block source address 127.0.0.1 or 127.0.0.0 network address manually in Advance