Firewall software open to TCP handshake hack, says NSS Labs

Firewall software open to TCP handshake hack, says NSS Labs.

-- Tom

 

Very interesting.
Any idea how our, consumer grade, firewalls might behave? Especially those where few computers are hooked to a router and often IPs setup as trusted for everything. I suspect ZA will see it, but what about all others?

 

A thread concerning packet filtering, quite unusual.

This is about how firewalls/NAT handle (allow or block) TCP simultaneous-open. It is a test I made (when I had the time/inclination to test) on firewalls.


- Stem

 

Did they really mean "not vulnerable" or just the opposite considering this further quote

Regardless, Stem, can you explain this "TCP Split Handshake" process a bit further. I realize you haven't tested firewalls recently, but an explanation of the process would be very interesting to hear. Especially, us, consumer firewall users with tiny LANs behind a Linksys router, for instance.

I'm using packet filter firewall(s) so I'm interested to learn more

 

There is a PDF at nmap that explains. Direct download link http://nmap.org/misc/split-handshake.pdf


- Stem

 

Stem, thank you. Very interesting reading with good illustrations of the many flavors of handshake in your link above.
About simultaneous open, split handshake, implications for NAT.
Good paper.
Some is proof of concept and great material for hackers, but really worth reading, even if to only get a drift

 

I have the feeling i ve observed strange things that seem to be similar to what is described here since 2007 on some of my routers.
And as this is now public we can presume hackers use something else already