Is the ProxySG or Advanced Secure Gateway vulnerable to CVE-2004-0230?

book

Article ID: 166639

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You want to know if the ProxySG or Advanced Secure Gateway (ASG) appliances are vulnerable to CVE-2004-0230, "TCP Sequence Number Approximation Based Denial of Service".

Resolution

The ProxySG appliance is hardened against this sort of attack. The appliance compares the incoming sequence number to the last ACK we sent and the next sequence number we expect to receive.  If it is not equal to or is within 1 in either direction, we drop the packet.  Thus, if the attacker is not snooping on the network, they would need to do the following:

  1. Guess the connection 4-tuple
  2. Guess an acceptable sequence number -- a 3 in 4 billion chance
The impact would be that the connection would be dropped if the attacker were able to figure out the correct 4-tuple and sequence number.