TCP reset using approximate sequence number
This Security Metrics scan finding corresponds to CVE-2004-0230.
This attack vector is not a particular threat to ClearOS because our implementation does not rely on services that are particularly vulnerable to it. There is no actionable work to be done.
The attack described in this CVE is difficult to carry out because the attacker needs all of the following information:
- The source IP (easy enough)
- The destination IP
- The port number
- The sequence number (or, as the title says, one close enough to fall within the receive window)
In practice this attack pretty much requires a man-in-the-middle position. When this threat came out, paranoia reigned supreme. CNN, for example, ran a story that this 'flaw' could shut down the Internet…and yet the Internet remains. By and large, upstream routers and the ClearOS Intrusion Prevention System watch for this traffic and protect the information an attacker would need to carry out this attack.
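To make the "approximate sequence number" point concrete, here is an added Python model (not code from the ClearOS page or project) of how a TCP receiver judges an incoming RST: the original RFC 793 rule accepts any in-window sequence number, while the RFC 5961 hardening that later addressed CVE-2004-0230 demands an exact match and answers near misses with a challenge ACK. The window sizes and sequence values in the test are constructed.

```python
# Added example: RST acceptance before and after RFC 5961 hardening, and how
# the receive window size changes the size of the space a guess has to hit.
# RFC 5961 is a fact about TCP, not something stated on the ClearOS page.
SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability test: seq lies in [RCV.NXT, RCV.NXT + RCV.WND),
    evaluated modulo 2^32 so wraparound is handled correctly."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_accepted_rfc793(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Pre-hardening behaviour: any RST whose sequence number is anywhere in
    the receive window tears the connection down.  This is CVE-2004-0230."""
    return in_window(seq, rcv_nxt, rcv_wnd)


def rst_action_rfc5961(seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """Hardened behaviour: only an exact RCV.NXT match resets.  An in-window
    near miss triggers a challenge ACK, which a genuine peer answers with a
    correctly sequenced RST; a spoofing third party cannot.  Out-of-window
    segments are silently dropped."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "challenge-ack"
    return "drop"


def guesses_to_cover(rcv_wnd: int) -> int:
    """Risk figure: how many distinct sequence values must be tried to cover
    the whole 2^32 space when any hit inside rcv_wnd counts (ceiling of
    2^32 / rcv_wnd).  With an exact match required (rcv_wnd == 1) the whole
    32-bit space must be covered, which is what RFC 5961 restores."""
    return -(-SEQ_SPACE // rcv_wnd)


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 1000, 65535  # constructed connection state
    for seq in (1000, 1050, 1000 + rcv_wnd):
        print(seq, rst_accepted_rfc793(seq, rcv_nxt, rcv_wnd),
              rst_action_rfc5961(seq, rcv_nxt, rcv_wnd))
    print("guesses, 64 KiB window:", guesses_to_cover(65536))
    print("guesses, exact match  :", guesses_to_cover(1))
```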
You can read more about this in this very well-formed statement on the matter:
If your site is using BGP, we suggest that you use MD5 (the TCP MD5 signature option) or similar protection between your peers for the BGP messaging. Most likely you are not using BGP, and if you are, your provider probably already requires this in your configuration.
To ensure that particular vectors or iterations of this vulnerability are not viable against ClearOS, make sure you are subscribed to and applying ClearCenter Intrusion Prevention updates.
Additionally, ensure that any long-lived, persistent connections are properly firewalled in the ClearOS Custom Firewall Rules, where applicable.