topic Re: Vulnerability in TCP packet in General Topics

Vulnerability in TCP packet

bryanpascal — Tue, 27 Aug 2013 05:57:21 GMT

Hi guys ,

Is it possible for PAN to block asynchronous tcp and RST packets to prevent attack ?

Regards,

Bryan

Re: Vulnerability in TCP packet

VinceM — Tue, 27 Aug 2013 10:04:05 GMT

Hi,

Have you try with Security profile configured on security rule ?

Re: Vulnerability in TCP packet

rmonvon — Tue, 27 Aug 2013 14:01:08 GMT

Hi...By asynchronous, I assume you mean TCP packets that do not follow the TCP 3-way handshake. The default behavior of the PA is to perform stateful inspection and will drop packets that did not conform to the 3-way TCP handshake. Here's how to enable/disable this feature: How to Set the Firewall to Reject non-Syn First Packet?

Thanks.

Re: Vulnerability in TCP packet

kprakash — Tue, 27 Aug 2013 15:25:20 GMT

PANFW can act upon malicious TCP packets ( used for port scans and reconnaisance ) using the zone protection profile as shown below.

As I understand the zone protection is for incoming traffic.

That is if you want to protect DMZ then you should apply your zone-protection on the Untrust zone (facing Internet) and the Trust zone (facing your LAN - if you wish to protect from inside threats aswell (for example an overtaken client is being used to DDoS/DoS your DMZ devices)).