* CONFIG_PACKET_MMAP
@ 2002-09-20 13:45 Daniel Ahlberg
0 siblings, 0 replies; only message in thread
From: Daniel Ahlberg @ 2002-09-20 13:45 UTC (permalink / raw)
To: linux-kernel
I don't know if this is already known or if I'm wrong, but here it is:
I ran nessus on my local servers and for some hosts it reported:
"Vulnerability found on port general/tcp
The remote host seems to generate Initial Sequence Numbers
(ISN) in a weak manner which seems to solely depend
on the source and dest port of the TCP packets.
The Raptor Firewall is known to be vulnerable to this flaw,
as may others be.
An attacker may use this flaw to establish spoofed connections
to the remote host.
Solution : If you are using a Raptor Firewall, see
http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html
or else contact your vendor for a patch
Risk factor : High"
and
"Warning found on port general/tcp
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low"
Since I didn't get this on all my hosts I began wondering what caused this. A
quick look at the config files showed that when the host had been compiled
with CONFIG_PACKET_MMAP=y nessus found these problems. All servers tested are
running 2.4.18 or 2.4.19.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2002-09-20 13:40 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-09-20 13:45 CONFIG_PACKET_MMAP Daniel Ahlberg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).