Sygate PF v5.0 IP Spoofing Vulnerability

Discussion in 'other firewalls' started by Paul Wilders, Sep 17, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Jul 1, 2001
    The Netherlands
    Tested: Under Win2k Advance Server with SP3 / WinNT 4.0 with SP6a / Win2K Professional

    Vendor Status: Vendor already accepted the vulnerability and they will be releasing new version to Patch the vulnerability

    Vendors website:
    Severity: High

    Sygate Personal Firewall 5.0 is a host-based Firewall designed to protect your PC against attacks from both the Internet, and other computers in the local network.

    Sygate Personal Firewall 5.0 for windows platform contains IP Spoofing vulnerability. These vulnerability could allow an attacker with a source IP of to Attack the host protected by Sygate Personal firewall without being detected. Sygate Personal firewall is having problem detecting incoming traffic with source ip (loopback address)

    Test diagram:
    deleted - Forum Admin

    - SPF is vulnerable with IP Spoofing attack by Scanning the host with a source ip address or network address The Attacker could scan or attack the target host without being detected by the personal firewall. This vulnerability is very serious w/c an attacker could start a Denial of Service attack against the spf protected host and launch any form of attack.

    - To those who wants to try to simulate the vulnerability, you may use source address - ;)


    1] Set the SPF to BLOCK ALL mode setting which most probably the user would do ;) This type of setting would block everything all incoming request and outgoing.

    2] Block source address or network address manually in Advance rules section.


    source: HNN
Thread Status:
Not open for further replies.