Zone Labs BugTraq vulnerability response

Discussion in 'other firewalls' started by marti, Oct 17, 2002.

Thread Status:
Not open for further replies.
  1. marti

    marti Registered Member

    Mar 25, 2002
    Houston, Texas, USA
    We have been unable to reproduce NSSI's findings using the information they
    supplied. We communicated our inability to verify the test results to NSSI
    and continue to test possible scenarios.

    Bottom line:
    1) The alleged behavior does not represent a security vulnerability.
    NSSI only alleges that under very limited circumstances involving a very
    heavy SYN flood with spoofed packets, a PC protected by ZoneAlarm Pro might
    slow down.
    2) None of the alleged behavior would put user data at risk.
    3) None of the alleged behavior would cause the protected PC to crash.
    4) This attack scenario is unrealistic because according to NSSI, it
    requires that the attack comes from within a LAN behind a "10/100mbps
    switch". According to NSSI's report, once the attack stops, the PC functions
    normally once again. Under almost all circumstances, a common Internet
    connection (dial-up, cable or DSL connection) does not have enough bandwidth
    to trigger this inconvenience. We did find some slow-down on very fast
    networks and will address these issues in our next product release.
    5) Our tests show that ZoneAlarm and ZoneAlarm Pro actually reduce the
    vulnerability to most DoS attacks significantly because our products prevent
    Windows from responding to this illegitimate traffic.
    6) Neither ZoneAlarm nor ZoneAlarm Pro are designed to protect server
    platforms. The following supported platform list applies to both ZoneAlarm
    and ZoneAlarm Pro:

    We appreciate NSSI's efforts to track this issue and are looking forward to
    working with them as we have in the past.

    Rgds, Te

    Te Smith
    Director, Corporate Communications
    Zone Labs Inc.
Thread Status:
Not open for further replies.