Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to remediate "TCP Sequence Number Approximation" Vulnerability in AIX ?

Posted on 2016-07-26
5
Medium Priority
?
184 Views
Last Modified: 2016-08-27
Hi

Please see the details below.

Vulnerability reported : TCP Sequence Number Approximation Vulnerability
Recommended Solution is to enable MD5 signatures

how to enable MD5 signatures in AIX ? Do we need to implement this on Application/Middle ware side ?

Thank you
0
Comment
Question by:pmsa epic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 32

Assisted Solution

by:harbor235
harbor235 earned 1000 total points (awarded by participants)
ID: 41731625
Another possibility is to enable TCP sequence randomization on network security devices, e.g. firewalls. Cisco ASAs transform and radomize TCP seq numbers, this makes it very hard to guess and potentially hijack the session.

Juniper SRX performs a TCP seq check, invalidating any segments with TCP seq numbers out of the expected range.

Not sure how to do this on the AIX


harbor235 ;}
1
 
LVL 62

Accepted Solution

by:
gheist earned 1000 total points (awarded by participants)
ID: 41734929
How big is the damage measured by nmap -O ? Is it much bigger than Windows?
Aix has no tunable parameters to cure it. 15 years ago OpenBSD was only system to jam TCP sequence in passing.
1
 

Author Comment

by:pmsa epic
ID: 41737875
Thank  you. Can it be enabled at Application/middle ware level ?
0
 
LVL 62

Expert Comment

by:gheist
ID: 41747736
No, it is at lower level.
Can you show last line of nmap -O ?
0
 
LVL 62

Expert Comment

by:gheist
ID: 41772799
Gheist says:
best you can get out of AIX alone :
http://lcamtuf.coredump.cx/newtcp/#aix
no -o tcp_icmpsecure=1 makes the pillow more uniform, still very simple (last measured on AIX 6.1, no changes since 4.3.3)
It is far from good. Thats why in-system facility neglected in favour of outside RNG.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question