ZDNet UK / News and Analysis / Business of IT / IT Strategy

Flaw discovered in Symantec firewall

By Matthew Broersma, ZDNet.co.uk, 6 August, 2002 11:48

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Firewall, Software, Symantec, Hackers, Attacks, Viruses, Raptor

NEWS
Researchers have discovered a flaw in Symantec's Raptor firewall that could allow attackers to hijack legitimate communications with a protected system. The vulnerability lies in the way the software creates and uses random numbers -- called TCP Initial Sequence Numbers -- for each new connection. In order to speed performance, the system reuses the same number for connections coming from the same source IP address and TCP port for a short time after the initial connection is closed, researchers said. During this period, an attacker could use the IP address and TCP information for an earlier, legitimate connection and create a new, unauthorised connection, a technique called "spoofing". This connection would appear to be coming from an address other than that of the real source, and could be used to carry out an attack. In addition, researchers said that the way the ISN is generated is not random enough. "A weakness in the generation of these ISNs could allow a remote attacker to easily predict the sequence numbers for a certain session," said Kristof Philipsen, a security engineer with e-security firm Ubizen Luxembourg, which discovered the flaw. Philipsen said that the generation of ISNs is based on two factors: the source and destination port number, and the source and destination IP address. The problem has been duplicated on six Raptor firewalls, according to Philipsen. The systems affected are:
  • Raptor Firewall 6.5 for Windows NT
  • Raptor Firewall V6.5.3 for Solaris
  • Symantec Enterprise Firewall 6.5.2 for Windows 2000 and NT
  • Symantec Enterprise Firewall V7.0 for Solaris
  • Symantec Enterprise Firewall 7.0 for Windows 2000 and NT
  • VelociRaptor Model 500/700/1000
  • VelociRaptor Model 1100/1200/1300
  • Symantec Gateway Security 5110/5200/5300
    • Ubizen and Symantec issued statements warning of the hole on Monday, and Symantec has issued a patch for the problem. Symantec's bulletin and patch are available on its Web site.
    For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section. Have your say instantly, and see what others have said. Go to the Security forum. Let the editors know what you think in the Mailroom.

    Related stories

    Tech pros: Cyberbomb is ready to go off

    PHP flaw threatens Web servers

    PGP flaw lets hackers pick Outlook locks

    Web ripe for massive worm attack

    Heart of England NHS begins massive digitisation plan

    Post your comment

    In order to post a comment you need to be registered and logged in.

    You can also log in with Facebook. Log in or create your ZDNet UK account below

    • Login

    Will not be displayed with your comment

    By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

    Get ZDNet UK's daily newsletter

    Enter your email address to sign up

    ZDNet UK Live

    Moley

    For Gnome 2 die-hards, it is possible to add icons to the bottom panel (or top top panel, if you prefer) which provide the exact Gnome 2...

    21 minutes ago by Moley on A tale of two distros: Ubuntu and Linux Mint
    ramwellian

    Your comments would seem pretty naive and immature. Your 'solution' appears to be, "gee, let's all just give in to the hackers and give them...

    33 minutes ago by ramwellian on Cloud computing security: no more oxymoron?
    BugStalker

    "Interesting thought ... If you installed Win7 as a dual boot on a machine that previously only had Linux, and it wrecked your Linux installation,...

    52 minutes ago by BugStalker on Windows 7 Declares War on GRUB
    whs001

    This is an excellent summary of Ubuntu and Mint and the interface differences between them. Most such articles take a very partisan position for...

    56 minutes ago by whs001 on A tale of two distros: Ubuntu and Linux Mint
    Moley

    @ewallace. Not so clear. Anyone can obtain the text, for example from here http://www.ustr.gov/webfm_send/2379. I support ACTA so long as it and...

    1 hour ago by Moley on ACTA: Facts, misconceptions and questions
    45283

    I think WinRT is fantastic. I just wish it was an option for people that didn't want to go through Microsoft's App Store with its attendant...

    4 hours ago by 45283 on Why Windows 8 needs architectural hygiene for WOA
    Burn-IT

    Nine people? £30m? Who's back pocket is that lot going in? And IF they say it is for new buildings, what about all the ones the government has...

    5 hours ago by Burn-IT on Police set to launch three £30m e-crime hubs
    ewallace

    Just to be clear, nobody knows what is in the text of ACTA, here is a photograph of the text of ACTA http://twitpic.com/8h9iju as submitted to the...

    6 hours ago by ewallace on ACTA: Facts, misconceptions and questions
    fgvrg56

    Unfortunately main issue is that ASUS is refusing to accept that they make some mistake on this version of asus Transformer prime. 1 - GPS sensor...

    7 hours ago by fgvrg56 on Asus Eee Pad Transformer Prime Wi-Fi & GPS problems?
    Ben Woods

    @Marcus A fair question. Just talked with Archos which said it was working on an announcement for next week....

    8 hours ago by Ben Woods on Archos confirms G9 Ice Cream Sandwich update schedule
    Marcus Karlsson

    Any update on this, considering the claimed "first week of February"?

    9 hours ago by Marcus Karlsson via Facebook on Archos confirms G9 Ice Cream Sandwich update schedule
    apexwm

    Bill Goodrich : Just as al_langevin pointed out, with Windows Server 2008 there is no Services for Macintosh anymore. It's gone, not available....

    17 hours ago by apexwm on Windows Server 2008 drops the ball for Mac compatibility
    txtrainguy

    Replying to an old topic that I'm currently facing with my CEO (who is on a Mac). Our servers are primarily Windows Servers, office is about...

    24 hours ago by txtrainguy on Windows Server 2008 drops the ball for Mac compatibility
    k0tcs3

    Sure, that makes perfect sense. Pay wrong-doers money and thank them for breaching your security and pointing out your flaws, that would surely...

    1 day ago by k0tcs3 on US indicts Romanian over NASA climate change hack
    Random_Error

    I think he's referring specifically to Android apps, as Apple do regulate their App Store, but Google seem to let any old crap onto the Android store!

    1 day ago by Random_Error on RIM: BlackBerry will keep 'garbage' apps out of store
    Paul Fezziwig

    Keep the crap apps out?! How will they compete with Android and Apple's claim to fame of having so many life changing apps? I wonder if the media...

    1 day ago by Paul Fezziwig via Facebook on RIM: BlackBerry will keep 'garbage' apps out of store
    Aigars Mahinovs

    It has been shown time after time that if there is an author store that sells the songs at even 1$ per song and gives you a high-quality digital...

    1 day ago by Aigars Mahinovs via Facebook on Copyright isn't working, says European Commission
    awbMaven

    ""As a result of Butyka's alleged conduct, researchers were unable to use the computers for more than two months while NASA removed the malicious...

    1 day ago by awbMaven on US indicts Romanian over NASA climate change hack
    subhorup

    It simultaneously worries me and uplifts me that a self-proclaimed group of internet activists name themselves after Indian mythical figures....

    2 days ago by subhorup on Anonymous activists release PCAnywhere source code
    naviathan

    It's actually far easier to work anonymously on the internet than you think. With tools like Tor bouncing your traffic around the world before...

    2 days ago by naviathan on Anonymous activists release PCAnywhere source code

    Latest in IT Strategy

    Heart of England NHS begins massive digitisation plan

    Hard-drive woes hit PC shipments in fourth quarter

    Featured white papers

    How cloud adds strategy to IT outsourcing

    SAVVIS

    How cloud adds strategy to IT outsourcing

    Thanks to cloud computing, IT outsourcing is back, but this time it can help both in cutting costs and helping the business... Read more

    Tech breakthroughs to watch in 2012

    ZDNet UK

    Tech breakthroughs to watch in 2012

    From invisibility cloaks to virtual atom smashing, from Cern to Nasa, this ZDNet UK guide presents the discoveries to watch in... Read more

    Key trends driving global business resilience and risk

    IBM

    Key trends driving global business resilience and risk

    This IBM research paper looks at how businesses are thinking more about business resilience by improving the ability to adapt to a continuously changing business... Read more

    Inside ZDNet UK

    A tale of two distros: Ubuntu and Linux Mint

    A tale of two distros: Ubuntu and Linux Mint

    2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

    2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

    BlackBerry Bold 9790

    BlackBerry Bold 9790

    Case study: How cloud enables growth

    Case study: How cloud enables growth

    Ten factors that make Ubuntu 11.10 a hit

    Ten factors that make Ubuntu 11.10 a hit

    Toshiba Portégé Z830-10P Review

    Toshiba Portégé Z830-10P Review

    BT's archive: Pictures from the vault

    BT's archive: Pictures from the vault