1. We are scanning our to check PCI compliance of our server.
2. One of the reported vulnerabilities deals with the firewall. Below is the exact description of the issue:
Title: TCP reset using approximate sequence number
Impact: A remote attacker could cause a denial of service on systems which rely upon persistent TCP connections.
Resolution: To correct this problem on Cisco devices, apply one of the fixes referenced in the Cisco security advisories for [http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml] IOS and [http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml] non-IOS operating systems. Refer to [http://www.kb.cert.org/vuls/id/415294#systems] US-CERT Vulnerability Note VU#415294 and [http://www.uniras.gov.uk/niscc/docs/re-20040420-00391.pdf?lang=en] NISSC vulnerability advisory 236929 for other vendor fixes. If a fix is not available, this problem can be worked around by using a secure protocol such as [http://rfc.net/rfc2411.html] IPsec, or by filtering incoming connections to services such as BGP which rely on persistent TCP connections at the firewall, such that only allowed addresses may reach them.
Risk Factor: Medium / CVSS2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE: CVE-2004-0230
BID: 10183
3. What firewall setting will be good to avoid this issue?
FYI, I am running CentOS 6 with Plesk panel.
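
The filtering workaround named in the scan report above (only allowed addresses may reach a service that relies on persistent TCP connections), as an added example that is not part of the original post: a shell function that validates an allowlist and emits the matching iptables rules in iptables-save syntax. The function names, port 179 (BGP, the service the report names) and the source addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: port 179 and the source addresses below are constructed.

# valid_cidr ADDR: succeed if ADDR is dotted-quad IPv4 with optional /0-32.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; positional params are local
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_allowlist_rules PORT SOURCE...: print INPUT rules that accept PORT
# only from the listed sources and drop every other packet to that port.
emit_allowlist_rules() {
    port=$1
    [ $# -gt 0 ] && shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    [ $# -gt 0 ] || { echo "no allowed sources given" >&2; return 2; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for src in "$@"; do
        valid_cidr "$src" || { echo "bad source: $src" >&2; return 2; }
    done
    for src in "$@"; do
        echo "-A INPUT -p tcp -m tcp --dport $port -s $src -j ACCEPT"
    done
    echo "-A INPUT -p tcp -m tcp --dport $port -j DROP"
}

# Constructed sample: one peer host and one management network.
emit_allowlist_rules 179 192.0.2.10 198.51.100.0/24
```

iptables evaluates rules in order, so the emitted lines belong ahead of any broader ACCEPT rule for the same port.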