
Archive: September 2002 ml@sikurezza.org
Subject: Re: sygate personal firewall (?)
From: D'Amato Luigi
Date: 27 Sep 2002 22:50:17 -0000

Latest vulnerability found in Sygate 5.0, I think it may interest you.
Sygate Personal Firewall 5.0 is a host-based firewall designed to
protect your PC against attacks from both the Internet and other computers
in the local network.
Sygate Personal Firewall 5.0 for the Windows platform contains an IP spoofing
vulnerability. This vulnerability could allow an attacker with a source IP
of 127.0.0.1 to attack the host protected by Sygate Personal Firewall
without being detected. Sygate Personal Firewall has a problem detecting
incoming traffic with source IP 127.0.0.1 (loopback address).
Details
Vulnerable systems:
* Sygate Personal Firewall version 5.0
Test diagram:
[*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps switch]===> [Host with SPF]
1] IP Spoofing Vulnerability, Default Installation
- SPF is vulnerable to an IP spoofing attack by scanning the host with
a source IP address 127.0.0.1 or network address 127.0.0.0. The attacker
could scan or attack the target host without being detected by the personal
firewall. This vulnerability is very serious, since an attacker could start a
Denial of Service attack against the SPF-protected host and launch any form
of attack.
- To those who want to try to simulate the vulnerability, you may
use source address 127.0.0.1 - 127.0.0.255.
Workaround:
1] Set the SPF to BLOCK ALL mode, a setting which Abraham does not think
the user would use. This type of setting would block everything, all incoming
and outgoing requests.
2] Block source address 127.0.0.1 or the 127.0.0.0 network address
manually in the Advanced rules section.
D'Amato Luigi
Area Security, Wireless, Linux www.networkingitalia.it
Area Security www.securityinfos.com
http://www.sikurezza.org - Italian Security Mailing List