Full Version: sequence number approximation bug and IPFW on 4.10
The Planet Forums > Operating Systems > BSD
joebubba
Greetings:

New to FreeBSD (Solaris/Linux admin here) and I'm struggling with fixing this issue with IPFW. Apologies right up front if this has been covered a bazillion times here, but I'm now running in circles and haven't found it.

I'm attempting to resolve this (warning from Orbit Vulnerability scan included at the bottom) with a similar entry that successfully blocked another issue (the SYN,FIN) but it does not seem to be catching it:

00249 deny tcp from any to any in tcpflags syn,rst
00250 deny tcp from any to any in tcpflags fin,syn

Counters after an Orbit scan show the rule isn't being matched (but rule 250 for SYN,FIN is matching and working properly):

00249 0 0 deny tcp from any to any in tcpflags syn,rst
00250 5 200 deny tcp from any to any in tcpflags fin,syn

Am I using the wrong rule for this?

I have also found references that talk about using /etc/sysctl.conf with this entry:

net.inet.tcp.blackhole=2

But an Orbit scan still comes up with the warning.

Anyone successfully resolving this with IPFW? Can you educate a FreeBSD/IPFW NewB?

Thanks in advance.

--Joe

==Orbit Scan Result==
Warning: general/tcp

The remote host does not discard TCP SYN packets which
have the FIN flag set.

Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.

See also : http://archives.neohapsis.com/archives/bug...02-10/0266.html
http://www.kb.cert.org/vuls/id/464113

Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
Nessus ID : 11618
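An added example, not code from the post or from ipfw itself: a small model of how ipfw's tcpflags option decides whether a rule matches (per ipfw(8), every listed flag must be set, a flag written with a leading "!" must be clear, and flags the spec does not mention are ignored), run over constructed probe packets so the two rules above can be compared against a SYN+FIN probe. The address, direction and interface parts of the rules are left out of the model, and the catch-all rule 65535 with an "allow" action is an assumption so that every packet gets a verdict.

```python
# Added example (not from the forum post): a model of ipfw "tcpflags" matching,
# applied to rules 249 and 250 from the post and a constructed set of probes.

# Bit values of the TCP flags as they sit in the header's flag byte.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}


def flags(*names):
    """Build a flag byte from flag names, e.g. flags("syn", "fin") -> 0x03."""
    value = 0
    for name in names:
        value |= FLAG_BITS[name.lower()]
    return value


def parse_tcpflags(spec):
    """Parse an ipfw tcpflags spec such as 'syn,!ack' into two masks:
    flags that must be set and flags that must be clear ('!' prefix)."""
    must_set = must_clear = 0
    for token in spec.split(","):
        token = token.strip().lower()
        negate = token.startswith("!")
        name = token[1:] if negate else token
        if name not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag {name!r}")
        if negate:
            must_clear |= FLAG_BITS[name]
        else:
            must_set |= FLAG_BITS[name]
    return must_set, must_clear


def tcpflags_match(spec, flag_byte):
    """ipfw semantics: every listed flag must be set, every '!flag' must be
    clear, and flags the spec does not mention are ignored."""
    must_set, must_clear = parse_tcpflags(spec)
    return (flag_byte & must_set) == must_set and (flag_byte & must_clear) == 0


# The two rules from the post, plus an ASSUMED catch-all so every packet gets
# a verdict (the action of ipfw's real default rule 65535 depends on the
# kernel build; "allow" here is a placeholder for the model).
RULES = [
    (249, "deny", "syn,rst"),
    (250, "deny", "fin,syn"),
    (65535, "allow", None),
]


def first_match(rules, flag_byte):
    """Return (rule number, action) of the first rule that matches."""
    for number, action, spec in rules:
        if spec is None or tcpflags_match(spec, flag_byte):
            return number, action
    raise RuntimeError("no rule matched")  # unreachable with a catch-all


def rule_counters(rules, packets):
    """Count hits per rule, like the packet column of 'ipfw show'."""
    counts = {number: 0 for number, _, _ in rules}
    for flag_byte in packets:
        number, _ = first_match(rules, flag_byte)
        counts[number] += 1
    return counts


# Constructed probe set (not captured traffic): flag combinations a scanner's
# TCP-flag tests might send to a listening port.
PROBES = {
    "syn": flags("syn"),
    "syn+fin": flags("syn", "fin"),
    "syn+rst": flags("syn", "rst"),
    "syn+fin+ack": flags("syn", "fin", "ack"),
    "fin only": flags("fin"),
}

if __name__ == "__main__":
    for label, fb in PROBES.items():
        print(f"{label:12s} -> rule {first_match(RULES, fb)}")
    print(rule_counters(RULES, list(PROBES.values())))
```

Run as a script it prints the verdict for each probe and the per-rule counters; a SYN+FIN probe never reaches the "syn,rst" spec of rule 249, which is consistent with its zero counter in the `ipfw show` output, while rule 250 catches SYN+FIN with or without extra flags such as ACK.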
divzero
This is a long shot in the dark but try adding this to your kernel cfg and recompile....

CODE
options     TCP_DROP_SYNFIN


and then add to /etc/rc.conf

CODE
tcp_drop_synfin="YES"


It is advised not to use these options for a webserver. More information can be found at onlamp.
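An added example, not code from the reply: a checker that parses `sysctl`-style output and an rc.conf to report whether the SYN+FIN drop (net.inet.tcp.drop_synfin, made persistent by the rc.conf line above) and the blackhole sysctl from the original post are actually in effect. The input lines are constructed, not taken from a real host, and the reading that a missing drop_synfin sysctl means the kernel was built without TCP_DROP_SYNFIN is an assumption about 4.x kernels.

```python
# Added example (not from the forum thread): audit the SYN+FIN drop and
# blackhole settings from parsed "sysctl" output and an rc.conf.
import re


def parse_sysctl(lines):
    """Turn 'name: value' lines (sysctl -a style) into a dict; other lines are ignored."""
    settings = {}
    for line in lines:
        m = re.match(r"^\s*([\w.]+)\s*[:=]\s*(\S+)", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def parse_rc_conf(lines):
    """Turn rc.conf assignments (var="value" or var=value) into a dict; comments are skipped."""
    settings = {}
    for line in lines:
        line = line.split("#", 1)[0].strip()
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def audit_synfin(sysctl_lines, rc_lines):
    """Return a list of findings; an empty list means the settings are in the expected state."""
    sysctl = parse_sysctl(sysctl_lines)
    rc = parse_rc_conf(rc_lines)
    findings = []

    drop = sysctl.get("net.inet.tcp.drop_synfin")
    if drop is None:
        # Assumption for 4.x: the sysctl only exists when the kernel has TCP_DROP_SYNFIN.
        findings.append("net.inet.tcp.drop_synfin is absent: kernel likely built without TCP_DROP_SYNFIN")
    elif drop != "1":
        findings.append(f"net.inet.tcp.drop_synfin is {drop}, expected 1")

    if rc.get("tcp_drop_synfin", "NO").upper() != "YES":
        findings.append('tcp_drop_synfin="YES" missing from rc.conf: setting will not survive a reboot')

    blackhole = sysctl.get("net.inet.tcp.blackhole", "0")
    if blackhole == "0":
        findings.append("net.inet.tcp.blackhole is 0: the blackhole sysctl entry is not in effect")
    return findings


# Constructed sample inputs: a host before and after the kernel option and rc.conf change.
SYSCTL_BEFORE = ["net.inet.tcp.blackhole: 2", "net.inet.tcp.delayed_ack: 1"]
RC_BEFORE = ['sshd_enable="YES"']
SYSCTL_AFTER = ["net.inet.tcp.blackhole: 2", "net.inet.tcp.drop_synfin: 1"]
RC_AFTER = ['sshd_enable="YES"', 'tcp_drop_synfin="YES"  # drop SYN+FIN segments']

if __name__ == "__main__":
    print("before:", audit_synfin(SYSCTL_BEFORE, RC_BEFORE))
    print("after: ", audit_synfin(SYSCTL_AFTER, RC_AFTER))
```

On a real host the two inputs would come from `sysctl net.inet.tcp` and the contents of /etc/rc.conf; the blackhole check is there because setting net.inet.tcp.blackhole alone did not clear the scanner warning in the original post, so it is worth confirming each setting separately.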