[ale] TCP Sequence Number Approximation Vulnerability

Michael H. Warfield mhw at WittsEnd.com
Wed Mar 16 11:55:09 EDT 2011


On Wed, 2011-03-16 at 11:30 -0400, Chris Fowler wrote: 
> In this case the device is an embedded Linux device and the scan was
> done externally.  Most of their issues I've addressed using IP tables
> and blocking their access to the web server.

If it's an embedded device, it's even less likely to be running BGP or a
persistent TCP based tunnel, although the latter is more likely to be the
former.

BGP is sensitive to these things because the sessions are very long
lived and the endpoints are generally well known, but I just cannot
imagine them running a BGP session on such a device.

> I could upgrade the kernel up to the last version of 2.4 but can not go
> into 2.6.  This device will not support it but I'm working on a new
> device.

> I'm having not much luck finding out if the 2.4.X or even the 2.6.X
> kernel addresses the issue their scanner is seeing.

2.6 almost certainly improves on this but there's also a chance it's a
false positive and it's most certain it's not running any impacted
services and it's only a transient, minor, DoS.

> Chris

Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!