Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Flood ACK packets cause an IBM SecureWay FireWall DoS

Flood ACK packets cause an IBM SecureWay FireWall DoS

by Nikola Strahija on October 9th, 2002 SecureWay is a robust FireWall product developed by IBM who works over AIX an Windows plataform. Is not a full fledged stateful packet filter, but more like a stateful-inspection with connection-centric deterministic-filtering firewall.


There exists an stack problem with malformed TCP packets that can lead
SecureWay to a DoS condition. To reach this condition a big band width is require.

Details:
========
When an all zeroed flags TCP packets is sent to the SecureWay FireWall, this
recognize the invalid packet only after a lot of procesing has been done. Because
of this, a flood of this forged packeges consumes a lot of resources and can lead
the IBM SecureWay FireWall to a deny of services condition.

To reach the DoS condition the flood must be over 2.8 Mbps, so this is more a
DDoS attack.

On servers running SecureWay, the standar AIX fix does not work.

Vendor Response:
================
IBM was contacted on July 14, 2002. The vendedor confirm the problem and release
a fix.

Corrective Action:
==================
Update to SecureWay Firewall 4.2.2 version or install APAR IR49046.
ftp://testcase.software.ibm.com/aix/fromibm/firewall/fwaixfilter4_421d*

Vulnerability Reporting Policy:
===============================
http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-00.txt


Author: Mauro Flores ([email protected])
Guillermo Freire ([email protected])

---------------------------------------------------------------------------
ANTel is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall ANTel be
liable for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
---------------------------------------------------------------------------



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »