Screen OS

  • 1.  TCP Split Handshake Attack

    Posted 04-13-2011 06:34

    Hi guys,

     

    About this article:

     

    http://www.networkworld.com/news/2011/041211-hacker-exploit-firewalls.html

     

    Does anybody know if the SSG family allows this kind of attack?

    Tks.



  • 2.  RE: TCP Split Handshake Attack

    Posted 04-13-2011 09:44

    I'm also wondering about the ISG family



  • 3.  RE: TCP Split Handshake Attack

    Posted 04-13-2011 13:38

    Hi Juniper,

     

    What about the patch?

    You are still selling security products? Right!

     

    Regards,

     

    Hedi

     



  • 4.  RE: TCP Split Handshake Attack
    Best Answer

    Posted 04-13-2011 21:47

    Hi All,

     

    ScreenOS has an option (see below). Not sure whether this will fix it/patch it or has the same effect. The NSS firewall remediation .pdf states that for Juniper SRX use the "set security flow tcp-session strict-syn-check" so it appears the same.

     

    -------

    from 6.3.0r1.0 release notes

     

    "Denial of Service Attack Defenses—ScreenOS 6.3.0 supports the feature of
    strict TCP-SYN-check wherein a strict syn check is applied to all the packets in
    a TCP three-way-handshake before the three-way handshake completes. Users
    can enable this feature by using the set flow tcp-syn-check strict command."

     

    Regards

     

    Tony
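
What a strict check on handshake packets enforces, as an added example (not part of the original post and not Juniper code): a simplified Python model of a stateful filter that drops anything other than SYN, SYN/ACK, ACK in that order before the session is established. The packet fields, state names and sample traces are constructed assumptions.

```python
# Simplified model of a strict three-way-handshake check in a stateful filter.
# Illustrative only; not ScreenOS or Junos code.
from typing import NamedTuple, Optional

class Pkt(NamedTuple):
    src: str      # "init" = side that sent the first SYN, "resp" = other side
    flags: str    # e.g. "S", "SA", "A"
    seq: int
    ack: int = 0

def strict_syn_check(pkts: list[Pkt]) -> Optional[tuple[int, str]]:
    """Return None if the handshake is a clean SYN, SYN/ACK, ACK exchange,
    else (index, reason) for the first packet a strict filter would drop."""
    state, isn_i, isn_r = "NEW", 0, 0
    for i, p in enumerate(pkts):
        flags = frozenset(p.flags)
        if state == "NEW":
            if p.src != "init" or flags != {"S"}:
                return i, "first packet is not a bare SYN"
            isn_i, state = p.seq, "SYN_SEEN"
        elif state == "SYN_SEEN":
            if p.src != "resp" or flags != {"S", "A"}:
                return i, "expected SYN/ACK from responder"
            if p.ack != isn_i + 1:
                return i, "SYN/ACK does not acknowledge initiator ISN"
            isn_r, state = p.seq, "SYNACK_SEEN"
        elif state == "SYNACK_SEEN":
            if p.src != "init" or flags != {"A"}:
                return i, "expected final ACK from initiator"
            if (p.seq, p.ack) != (isn_i + 1, isn_r + 1):
                return i, "final ACK numbers do not match handshake"
            state = "ESTABLISHED"
        else:
            break  # handshake done; later packets are outside this check
    return None if state == "ESTABLISHED" else (len(pkts), "handshake incomplete")

# Constructed sample traces (sequence numbers are arbitrary).
NORMAL = [Pkt("init", "S", 1000), Pkt("resp", "SA", 5000, 1001),
          Pkt("init", "A", 1001, 5001)]
# One commonly described split-handshake ordering: the responder answers with
# a bare ACK, then its own SYN, and the initiator ends up sending the SYN/ACK.
SPLIT = [Pkt("init", "S", 1000), Pkt("resp", "A", 0, 1001),
         Pkt("resp", "S", 5000), Pkt("init", "SA", 1000, 5001),
         Pkt("resp", "A", 5001, 1001)]

if __name__ == "__main__":
    print("normal:", strict_syn_check(NORMAL))
    print("split: ", strict_syn_check(SPLIT))
```

In this model the split trace is rejected at its second packet, before the filter ever has to decide which side opened the session.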



  • 5.  RE: TCP Split Handshake Attack

    Posted 04-14-2011 10:24

    Thanks Tony!