
Sygate Personal Firewall 5.0 IP Spoofing Vulnerability

by Nikola Strahija on September 17th, 2002

Sygate Personal Firewall 5.0 is a host-based firewall designed to protect your PC against attacks from both the Internet and other computers in the local network.


Sygate Personal Firewall 5.0 for the Windows platform contains an IP spoofing
vulnerability. This vulnerability could allow an attacker using a source IP of
127.0.0.1 to attack the host protected by Sygate Personal Firewall without
being detected. Sygate Personal Firewall has a problem detecting incoming
traffic with source IP 127.0.0.1 (the loopback address).

Details:

Test diagram:
[*Nix b0x with IP Spoofing scanner / Flooder]
[Host with SPF]
1] IP Spoofing Vulnerability Default Installation

- SPF is vulnerable to an IP spoofing attack: the host can be scanned with a
source IP address of 127.0.0.1 or the network address 127.0.0.0. The attacker could
scan or attack the target host without being detected by the personal firewall.
This vulnerability is very serious, as an attacker could start a Denial of
Service attack against the SPF-protected host and launch any form of attack.
- Those who want to try to simulate the vulnerability may use
source addresses 127.0.0.1 - 127.0.0.255 ;)

Workaround:

1] Set SPF to the BLOCK ALL mode setting, which I don't think the user would do
;) This setting blocks everything, all incoming and outgoing
requests.

2] Block source address 127.0.0.1 or the 127.0.0.0 network address manually in
the Advanced Rules section.
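
The check behind workaround 2, written out as filter logic. This is an added example, not part of the original advisory and not Sygate's code. It goes beyond the single address in the advisory and covers the whole 127.0.0.0/8 loopback block, which RFC 1122 says must never appear outside a host. The interface names `eth0` and `lo` and the sample headers are constructed assumptions.

```python
import ipaddress
import struct

# Whole loopback block; RFC 1122 says these addresses must not appear outside a host.
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def parse_src(packet: bytes) -> ipaddress.IPv4Address:
    """Return the source address from a raw IPv4 header, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])


def verdict(packet: bytes, in_iface: str, loopback_iface: str = "lo") -> str:
    """Return 'drop' for malformed headers and for loopback-sourced packets
    that arrive on anything other than the loopback interface."""
    try:
        src = parse_src(packet)
    except ValueError:
        return "drop"
    if src in LOOPBACK_NET and in_iface != loopback_iface:
        return "drop"  # 127/8 source seen on the wire: spoofed by definition
    return "pass"


def sample_header(src: str, dst: str) -> bytes:
    """Constructed test fixture: a minimal 20-byte IPv4 header (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


# Constructed samples: (ingress interface, header bytes)
SAMPLES = [
    ("eth0", sample_header("127.0.0.1", "192.0.2.10")),     # the advisory's case
    ("eth0", sample_header("127.0.0.200", "192.0.2.10")),   # elsewhere in 127.0.0.x
    ("lo", sample_header("127.0.0.1", "127.0.0.1")),        # genuine local traffic
    ("eth0", sample_header("198.51.100.7", "192.0.2.10")),  # ordinary remote host
]

if __name__ == "__main__":
    for iface, pkt in SAMPLES:
        print(iface, parse_src(pkt), verdict(pkt, iface))
```

The decision depends on the ingress interface as well as the source address, so genuine local loopback traffic still passes while the same address arriving from the network is dropped.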

Tested: Under Win2k Advanced Server with SP3 / WinNT 4.0 with SP6a / Win2K
Professional

Vendor Status: The vendor has accepted the vulnerability and will be
releasing a new version to patch it.

Vendor's website: http://www.sygate.Com
Severity: High

