|06 Jun 2011||#1|
Whitelisting IPs, block an IP, and repeating sequences
Long story short, my computer is, for the first time ever, failing scans by Security Metrics (to make sure I'm PCI compliant). I run Zone Alarm Extreme Security, and for some very odd reason, I fail the scan VERY badly when this software is enabled. When it's completely disabled, and I have Windows Firewall enabled, I fail, but nearly as bad. Anyway, I need to white list some IPs. The tech at Security Metrics said:
For the worm vulnerabilities and port 256, 257 and 258 this is an indicator that we were not able to perform assessment fully. If you whitelist our IP range this will likely fix the issue. Our IP range is 18.104.22.168-48.
How do I whitelist IPs in Windows 7? (I'm NOT going to run ZA when I do my next scan. Too many false positives show up.)
Next, I got this in my scan results:
"Description: initial TCP sequence number is predictable
dpcxxxxxxxxxx.direcpc.com xx.xx.xxx.xxx Jun 06 09:14:46 2011 new
Severity: Area of Concern
CVE: CVE-1999-0077 5.0918new11
Impact: A remote attacker could hijack an existing session or create a new session using an arbitrary source IP address. If services which use address-based authentication mechanisms are enabled on the server, the attacker could execute arbitrary commands.
Background: The Transmission Control Protocol (TCP) is the protocol used by services such as telnet, ftp, and smtp to establish a connection between a client and a server. Every TCP packet includes a sequence number in the header to ensure that all packets are received at the destination and re-assembled in the correct order. The sequence numbering begins with an initial sequence number which is chosen by the server and sent to the client when the connection is established. Thus, sequence numbers also help to verify the identity of the client, since only the intended client has knowledge of the initial sequence number.
Resolution: The Solution described in [ftp://ftp.isi.edu/in-notes/rfc1948.txt] RFC1948 was developed to sufficiently randomize initial sequence numbers so they cannot be predicted. Check [http://www.cert.org/advisories/CA-2001-09.html] CERT Advisory 2001-09 to see whether your vendor has released a patch which implements this Solution. If your operating system is vulnerable and there is no patch available, it would be advisable to upgrade your operating system. Most modern operating systems are not affected by this vulnerability. Windows NT users should apply service pack 6a and install the patch referenced in Microsoft Security Bulletin 99-046.
Vulnerability Details: Service: nmap TCP Sequence Prediction: Difficulty=20 (Good luck!)"
I asked about that, and got this response:
In regards to the predictable sequence number we have replicated the vulnerability below:
~$ sudo hping3 -S -Q xx.xx.xxx.xxx -p 80
[sudo] password for isaac:
HPING xx.xx.xxx.xxx (eth1 xx.xx.xxx.xxx): S set, 40 headers + 0 data bytes
As you can see some of the sequence numbers are repeating.
Okay, so they're repeating. How the heck do I fix it????? (I thought that's what Security Metrics "support" was for.)
Last, how do I close port 1433?
If I've posted in the wrong forum, or if I'd be better posting at another forum, please let me know. Any help anyone could give me would be most appreciated.
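An added example, not part of the original thread or of the scanner's own tooling: the Python below builds an initial sequence number the way the RFC 1948 resolution quoted in the scan report describes (a timer plus a keyed hash of the connection's addresses and ports) and checks a list of collected ISNs for the repeats and fixed steps that the finding is about. The function names, the sample addresses and all sample values are constructed for illustration, and HMAC-SHA256 stands in for the hash function as an assumption.

```python
import hashlib
import hmac
import os
import struct
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def rfc1948_isn(secret, local_ip, local_port, remote_ip, remote_port, now_us):
    """ISN = M + F(localhost, localport, remotehost, remoteport, secret)."""
    m = (now_us // 4) % MOD  # M: timer that ticks once every 4 microseconds
    ident = f"{local_ip}:{local_port}>{remote_ip}:{remote_port}".encode()
    # Assumption: HMAC-SHA256 truncated to 32 bits is used as F here.
    digest = hmac.new(secret, ident, hashlib.sha256).digest()
    f = struct.unpack(">I", digest[:4])[0]
    return (m + f) % MOD


def assess(isns):
    """Summarise ISNs taken from successive SYN/ACK replies of one host."""
    if len(isns) < 2:
        raise ValueError("need at least two samples")
    repeats = sum(n - 1 for n in Counter(isns).values())
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    constant = hits == len(deltas)  # every ISN is the previous one plus `step`
    verdict = "predictable" if repeats or constant else "no obvious pattern"
    return {"repeats": repeats,
            "constant_step": step if constant else None,
            "verdict": verdict}


# Constructed samples (not taken from the scan in this thread).
COUNTER_STACK = [(1000 + 64000 * i) % MOD for i in range(8)]  # fixed increment
REPEATING = [0x1A2B3C4D, 0x1A2B3C4D, 0x5E6F7081,
             0x1A2B3C4D, 0x5E6F7081, 0x99AABBCC]              # values recur
SECRET = os.urandom(16)  # a real stack keeps a random secret like this private
RFC1948_STACK = [
    rfc1948_isn(SECRET, "192.0.2.10", 80, "198.51.100.7", 40000 + i,
                1_000_000 + 2500 * i)  # each probe comes from a new source port
    for i in range(8)
]

if __name__ == "__main__":
    for name, data in [("counter", COUNTER_STACK), ("repeating", REPEATING),
                       ("rfc1948", RFC1948_STACK)]:
        print(name, assess(data))
```
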
|06 Jun 2011||#3|
Yes, I'm behind a router. When I first started doing the required scans, I failed. Security Metrics recommended ZA, so I bought it, installed it, and left the settings at default. Ran the scan after installation and passed with flying colors. This is the first time I've failed a scan. My fail reports are really bad with ZA enabled. With it disabled, there aren't nearly as many errors. But I do have a few that aren't false alarms, which I've posted. These are the ones I have to fix, but I don't know how.