  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 210

How to remediate the "TCP Sequence Number Approximation" vulnerability in AIX?

Hi

Please see the details below.

Vulnerability reported: TCP Sequence Number Approximation Vulnerability
Recommended solution: enable MD5 signatures

How do we enable MD5 signatures in AIX? Do we need to implement this on the application/middleware side?

Thank you
Asked by: pmsa epic
2 Solutions
 
harbor235 commented:
Another possibility is to enable TCP sequence randomization on network security devices, e.g. firewalls. Cisco ASAs transform and randomize TCP seq numbers; this makes it very hard to guess and potentially hijack the session.

Juniper SRX performs a TCP seq check, invalidating any segments with TCP seq numbers out of the expected range.

Not sure how to do this on the AIX


harbor235 ;}
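The "expected range" check harbor235 describes for the SRX, worked through as an added example (not code from any poster or vendor): a Python model of the classic RFC 793 in-window RST test beside the stricter RFC 5961 rule, run over a constructed burst of RSTs against one connection. The connection state and sequence numbers are constructed values for illustration.

```python
import collections

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability test: RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND (mod 2^32)."""
    if rcv_wnd == 0:
        return seq == rcv_nxt
    return (seq - rcv_nxt) % MOD < rcv_wnd


def classify_rst(seq: int, rcv_nxt: int, rcv_wnd: int, hardened: bool = True) -> str:
    """What a receiver (or inspecting firewall) does with a RST carrying SEG.SEQ.

    Classic rule: any in-window RST tears the connection down.
    Hardened rule (RFC 5961 section 3.2): only SEG.SEQ == RCV.NXT resets; an
    in-window but inexact SEQ gets a challenge ACK, which a real peer answers
    with the exact number while a sender who merely guessed the window cannot.
    """
    if not seq_in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if not hardened or seq == rcv_nxt:
        return "reset"
    return "challenge_ack"


def expected_guesses(rcv_wnd: int, hardened: bool = True) -> int:
    """Expected uniformly random SEQ values before one is accepted as a reset:
    2^32 / (size of the accepting set). This is the risk figure that motivates
    both the window check and MD5-signed segments."""
    return MOD // (1 if hardened else max(rcv_wnd, 1))


def audit_rst_burst(seqs, rcv_nxt: int, rcv_wnd: int, hardened: bool = True) -> dict:
    """Tally how a burst of RSTs on one flow is handled; many 'drop' or
    'challenge_ack' outcomes on a single flow is itself worth alerting on."""
    tally = collections.Counter(classify_rst(s, rcv_nxt, rcv_wnd, hardened) for s in seqs)
    return {k: tally.get(k, 0) for k in ("reset", "challenge_ack", "drop")}


# Constructed sample: connection expecting 0x10000000 with a 65535-byte window,
# hit by six RSTs whose SEQ values straddle both edges of that window.
SAMPLE_RCV_NXT, SAMPLE_RCV_WND = 0x10000000, 65535
SAMPLE_RSTS = [0x10000000, 0x10000100, 0x1000FFFE, 0x1000FFFF, 0x0FFFFFFF, 0x20000000]

if __name__ == "__main__":
    print("classic :", audit_rst_burst(SAMPLE_RSTS, SAMPLE_RCV_NXT, SAMPLE_RCV_WND, False))
    print("hardened:", audit_rst_burst(SAMPLE_RSTS, SAMPLE_RCV_NXT, SAMPLE_RCV_WND))
    print("guesses :", expected_guesses(SAMPLE_RCV_WND, False), "vs", expected_guesses(SAMPLE_RCV_WND))
```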
 
gheist commented:
How big is the damage measured by nmap -O? Is it much bigger than Windows?
AIX has no tunable parameters to cure it. 15 years ago OpenBSD was the only system to jam TCP sequence numbers in passing.
 
pmsa epic (author) commented:
Thank you. Can it be enabled at the application/middleware level?
 
gheist commented:
No, it is at a lower level.
Can you show the last line of nmap -O?
 
gheist commented:
Gheist says:
The best you can get out of AIX alone:
http://lcamtuf.coredump.cx/newtcp/#aix
no -o tcp_icmpsecure=1 makes the pillow more uniform, but it is still very simple (last measured on AIX 6.1, no changes since 4.3.3).
It is far from good. That's why the in-system facility is neglected in favour of an outside RNG.
