Denial of Service attack found on the ZONELABS PRO Firewall

Discussion in 'other firewalls' started by Ghost, Oct 17, 2002.

Thread Status:
Not open for further replies.
  1. Ghost

    Ghost Guest

    http://online.securityfocus.com/archive/1/295434/2002-10-13/2002-10-19/0

    "ZoneAlarm Pro 3.1.291 and 3.0 contains vulnerability that would let the attacker consume
    all your CPU and Memory usage that would result to Denial of Service Attack through sending
    multiple syn packets / synflooding.

    Details:

    Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 contains a vulnerability that would let the attacker
    consume all your CPU and Memory usage that would result to Denial of Service Attack through
    Synflooding that would cause the machine to stop from responding. Zone-Labs ZoneAlarm
    Pro 3.1.291 and 3.0 is also vulnerable with IP Spoofing. This Vulnerabilities are confirmed
    from the vendor.

    Test diagram:

    [*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps switch===> [Host with ZoneAlarm]


    1] Tested under default install of the 2 versions after sending minimum of 300 Syn Packets
    to port 1-1024 the machine will hang-up until the attack stopped.

    2] We configured the ZoneAlarm firewall both version to BLOCK ALL traffic setting after sending
    a minimum of 300 Syn Packets to port 1-1024 the machine will hang-up until the attack
    stopped.

    Workaround:

    Disable ZoneAlarm and Hardened TCP/IP stack of your windows and Install latest Security
    patch."
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
Loading...
Thread Status:
Not open for further replies.