CVE-2004-0230—GUESSING TCP SEQUENCE NUMBERS AND INJECTING RST PACKETS not in threat DB


L3 Networker

Hi All,

 

CVE-2004-0230 does not seem to show up in the Palo Alto Networks threat database, but the below KB article seems to indicate that PAN have introduced threat mitigation for this CVE in PAN-OS 6.0.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllyCAC

 

I am wondering if this is an error in the PA threat database, or if mitigation for this threat has been removed from PAN-OS (which I believe is unlikely).

 

Can anyone shed any light on this issue?

 

Thanks in advance.

1 ACCEPTED SOLUTION


Cyber Elite

@Ben-Price,

I believe the mitigation that the article is talking about was actually PAN fixing the vulnerability within PAN-OS itself and not in direct relation to a threat signature being added to identify the traffic. Just as an FYI though, threat signatures are retired and they don't just stick around forever. 


4 REPLIES

L3 Networker

Can anyone assist with this question? Maybe @BPry @reaper could possibly comment.


L1 Bithead

Guessing TCP Sequence Numbers and Injecting RST Packets to persistent TCP connections by repeatedly injecting a TCP RST packet, This value does not have to be the exact window size since a smaller value used RFC 5961 threat mitigation was implemented in PAN-OS 6.0.0.

upsers
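An added example, not part of the thread and not PAN-OS code: the receiver-side RST check that RFC 5961 (mentioned in the reply above) tightens, shown beside the older RFC 793 rule that CVE-2004-0230 concerns. The function names and the receiver state (`rcv_nxt`, `rcv_wnd`) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum rst_action { RST_DROP, RST_CHALLENGE_ACK, RST_RESET };
typedef enum rst_action (*rst_policy)(uint32_t, uint32_t, uint32_t);

/* Is seq inside [rcv_nxt, rcv_nxt + rcv_wnd)? Unsigned subtraction handles
 * 32-bit wraparound; with a zero window only seq == rcv_nxt is acceptable. */
static int in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return rcv_wnd ? (uint32_t)(seq - rcv_nxt) < rcv_wnd : seq == rcv_nxt;
}

/* RFC 793 rule: any RST whose sequence number is in the window resets. */
enum rst_action rst_rfc793(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return in_window(seq, rcv_nxt, rcv_wnd) ? RST_RESET : RST_DROP;
}

/* RFC 5961 rule: reset only on an exact RCV.NXT match; an in-window but
 * inexact RST gets a challenge ACK and the connection stays up. */
enum rst_action rst_rfc5961(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (!in_window(seq, rcv_nxt, rcv_wnd))
        return RST_DROP;
    return seq == rcv_nxt ? RST_RESET : RST_CHALLENGE_ACK;
}

/* Count how many of n consecutive sequence values, starting at first,
 * would tear the connection down under the given rule. */
uint32_t count_resets(rst_policy p, uint32_t first, uint32_t n,
                      uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    uint32_t hits = 0;
    for (uint32_t i = 0; i < n; i++)
        hits += p(first + i, rcv_nxt, rcv_wnd) == RST_RESET;
    return hits;
}

int main(void)
{
    /* Constructed receiver state, chosen so the window wraps past 2^32. */
    uint32_t rcv_nxt = 0xFFFFFF00u, rcv_wnd = 65535u;
    printf("RFC 793 : %u accepted\n", (unsigned)
           count_resets(rst_rfc793, rcv_nxt - 1000u, 100000u, rcv_nxt, rcv_wnd));
    printf("RFC 5961: %u accepted\n", (unsigned)
           count_resets(rst_rfc5961, rcv_nxt - 1000u, 100000u, rcv_nxt, rcv_wnd));
    return 0;
}
```

With the RFC 793 rule every value in the window is accepted, so the number of acceptable RSTs scales with the window size; with the RFC 5961 rule only one value is.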

L3 Networker

@BPry OK, thanks for that info. A few questions:
So protection from this threat is built into PAN-OS and there is no need to configure an action within a Vulnerability profile then?
