IPFilter TTL Fingerprinting Vulnerability

by Nikola Strahija on April 3rd, 2002

IPFilter is a freely available, open source firewall package written by Darren Reed. It is available for multiple platforms, including Unix and Linux operating systems.


Under some circumstances, IPFilter sends responses that can allow an attacker to gain information about the firewall ruleset. When an attempt is made to connect to a system via TCP on a port that is filtered by IPFilter, and IPFilter returns a RST, it is possible to differentiate between filtered and unfiltered ports. A port that is filtered by IPFilter will return a RST with the TTL field set to 60, whereas the operating system will return its default TTL value for a RST.

Remote: Yes

Exploit: This vulnerability may be exploited by using one of numerous available portscanning utilities and packet analysis utilities.
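To check whether a host you administer shows this behaviour, the following added example (not part of the original advisory or of IPFilter) reads raw IPv4 packets from a capture of that host's replies and reports any host whose RSTs arrive with more than one TTL. The function names, the addresses and the value 64 used as the operating system default are assumptions made for the constructed sample.

```python
import struct
from collections import defaultdict

TCP_RST = 0x04

def parse_rst(packet):
    """Return (src_ip, src_port, ttl) for an IPv4 TCP RST, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 14:
        return None                         # malformed, not TCP, or truncated
    if not packet[ihl + 13] & TCP_RST:      # TCP flags byte
        return None
    src_ip = ".".join(str(b) for b in packet[12:16])
    src_port = struct.unpack("!H", packet[ihl:ihl + 2])[0]
    return src_ip, src_port, packet[8]      # byte 8 of the IP header is the TTL

def audit(packets):
    """Return {host: {ttl: [ports]}} for hosts whose RSTs show more than one TTL."""
    seen = defaultdict(lambda: defaultdict(set))
    for pkt in packets:
        rst = parse_rst(pkt)
        if rst:
            ip, port, ttl = rst
            seen[ip][ttl].add(port)
    return {ip: {t: sorted(p) for t, p in ttls.items()}
            for ip, ttls in seen.items() if len(ttls) > 1}

def build(src, sport, ttl, flags):
    """Constructed 40-byte IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", sport, 40000, 0, 0, 0x50, flags, 0, 0, 0)
    return ip + tcp

# Constructed capture: 64 stands in for the host OS default TTL (assumption).
SAMPLE = [
    build("192.0.2.10", 23, 60, 0x14),    # RST/ACK, TTL 60
    build("192.0.2.10", 25, 60, 0x14),
    build("192.0.2.10", 8080, 64, 0x14),  # RST/ACK, OS default
    build("192.0.2.10", 22, 64, 0x12),    # SYN/ACK, ignored
    build("192.0.2.20", 23, 64, 0x14),    # consistent host, not reported
    build("192.0.2.20", 80, 64, 0x14),
]

if __name__ == "__main__":
    for host, ttls in audit(SAMPLE).items():
        print(host, ttls)
```

Because every reply from one host crosses the same path to the capture point, both TTL values drop by the same number of hops, so the gap between them survives wherever the capture is taken.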

