Hi, our PCI vendor, Trustwave, flagged us on the following, both for the 8.102 firewall itself (on the webadmin port), and for servers behind our 7.509 firewall. I'm guessing both versions are allowing it, but the scan missed it due to portscan detection or something.
Thanks,
Barry
Quote:
System Responds to SYN+FIN TCP Packets
This device responded to a TCP packet with both the SYN and FIN bits set. Such packets do not occur in typical network traffic, but can be used by attackers to bypass the security rules configured in nonstateful firewalls and establish connections with protected hosts.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (0.00)
Reference: US-CERT Vulnerability Note VU#464113 - TCP/IP implementations handle unusual flag combinations inconsistently
Service: apache:http_server (astaro 8.102)
Service: https (ubuntu server behind 7.509)
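To see what the scanner is testing for, here is a small Python classifier (an added example, not part of the original post or of the Astaro product) that reads raw TCP headers and names the flag combinations no legitimate peer sends, SYN+FIN among them; the header bytes it runs on are constructed inline, and `build_tcp_header`, `classify_flags` and `audit_segments` are this example's own names.

```python
import struct

# TCP control bits, low byte of the 16-bit data-offset/flags field (RFC 9293 section 3.1).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def build_tcp_header(sport, dport, flags):
    """Constructed 20-byte TCP header with the given control bits (sample input only)."""
    off_flags = (5 << 12) | flags          # data offset 5 words, reserved bits clear
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, off_flags, 8192, 0, 0)

def parse_tcp_flags(segment):
    """Return (sport, dport, flags) from a raw TCP header, flags masked to the six classic bits."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, off_flags & 0x3F

def classify_flags(flags):
    """Name the flag combinations a stateless filter should drop; 'normal' for everything else."""
    if flags & SYN and flags & FIN:
        return "syn+fin"              # the probe behind the Trustwave finding (VU#464113)
    if flags & SYN and flags & RST:
        return "syn+rst"
    if flags == 0:
        return "null"                 # no bits at all
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG) and not flags & ACK:
        return "xmas"
    if flags & FIN and not flags & ACK:
        return "fin-without-ack"      # a real FIN always rides on an established, ACKed stream
    return "normal"

def audit_segments(segments):
    """Run the classifier over raw headers; return (dport, verdict) for each anomalous one."""
    findings = []
    for seg in segments:
        _sport, dport, flags = parse_tcp_flags(seg)
        verdict = classify_flags(flags)
        if verdict != "normal":
            findings.append((dport, verdict))
    return findings

# Constructed sample: a normal handshake start, a SYN+FIN probe, and a NULL probe.
SAMPLE = [
    build_tcp_header(40000, 443, SYN),
    build_tcp_header(40001, 443, SYN | FIN),
    build_tcp_header(40002, 22, 0),
]

if __name__ == "__main__":
    for dport, verdict in audit_segments(SAMPLE):
        print(f"port {dport}: {verdict}")
```

The equivalent netfilter rule on a Linux host behind the firewall is `iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP`; a stateful firewall should already refuse such a segment because it matches no valid connection state.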