Problem with Raptor Firewall

Raptor Firewalls use very predictable Initial Sequence Numbers. This makes it easier to spoof connections. This weakness can be used by an attacker to make a spoofed connection to the remote host. It is known that the Raptor Firewall is vulnerable, others may have the same problem. this problem is discovered by Ubizen (a leading Belgian software house)

Symantec has made a support page to describe this problem and offer a solution. Other Firewalls may also be vulnerable. Those users need to check for a patch for their product.

Components Affected source:http://www.symantec.com/techsupp/bul...2firewall.html

Raptor Firewall 6.5 (Windows NT)
Raptor Firewall V6.5.3 (Solaris)
Symantec Enterprise Firewall 6.5.2 (Windows 2000 and NT)
Symantec Enterprise Firewall V7.0 (Solaris)
Symantec Enterprise Firewall 7.0 (Windows 2000 and NT)
VelociRaptor Model 500/700/1000
VelociRaptor Model 1100/1200/1300
Symantec Gateway Security 5110/5200/5300

solution for symantec products: read the info at http://www.symantec.com/techsupp/bul...2firewall.html and install the tcp hotfix (http://www.symantec.com/techsupp)

thanks victor! thats an interesting script they use. can't wait 'till monday to get to work and play with it. of course i could go in today and.....nah!
have you tried it?

Nope

Quote:

have you tried it?

Tedob1 do you mean: did you spoof a connection using that vulnerability?
hmmm [;)]
to solve the prob you can apply the patches available from symantec.
http://www.symantec.com/techsupp/enterprise/