HASimac
New Member
December 16, 2015
Question

Fortigate affected by Firestorm Bug ??

  • December 16, 2015
  • 1 reply
  • 2862 views

Hi all,

Any info about Firestorm bug and Fortigate Firewall ??

http://www.bugsec.com/news/firestorm/

Regards,

HA

    1 reply

    emnoc
    New Member
    December 16, 2015

    I heard of no CVEs pertaining to this, but my understanding of this issue(s) is that a SYN packet or SYN-ACK is being used to funnel data to the client+server. So to mitigate this you should never allow data within a SYN or SYN+ACK packet (why would we send before we have an established session?).

    You can write a simple rule to block this; this vulnerability btw has NOTHING to do with NGFW, it's been around for decades. What I believe has happened is that the underworld is not exporting this in today's attacks.

    See my blog on how to write an IPS rule to block payload in a SYN or SYN+ACK.

    http://socpuppet.blogspot.com/2013/01/writing-ips-rules-fortinet-style.html

    Go down half way and review the data size option. I've used scapy in a few past lives with exposing this many years ago.

    enjoy

    Ken
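The check Ken describes (flag any SYN or SYN+ACK segment that carries payload) can be verified offline against captured packets before committing to an IPS rule. The following is an added example written for this thread, not code from the original post or from Fortinet: it parses raw IPv4/TCP bytes with the standard library only, and the sample packets it inspects are constructed inline with `build_packet` (the addresses and ports are made-up values).

```python
import struct

# TCP flag bits in the low 9 bits of the data-offset/flags field (RFC 793)
SYN = 0x02
ACK = 0x10
PSH = 0x08


def parse_ipv4_tcp(frame: bytes):
    """Parse an IPv4 packet carrying TCP; return header fields and payload length.

    Returns None for non-TCP or truncated input. Only IPv4 without options-
    aware IHL handling beyond the header length is needed for this check.
    """
    if len(frame) < 20 or (frame[0] >> 4) != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 6 or total_len > len(frame) or ihl + 20 > total_len:
        return None
    tcp = frame[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        return None
    return {
        "sport": sport,
        "dport": dport,
        "flags": off_flags & 0x1FF,
        "payload_len": len(tcp) - data_off,  # the "data size" Ken refers to
    }


def is_handshake_with_payload(pkt: dict) -> bool:
    """True when a SYN or SYN+ACK segment carries data, i.e. the Firestorm pattern.

    Plain ACK/PSH segments with data are normal post-handshake traffic and are
    deliberately not flagged.
    """
    return bool(pkt["flags"] & SYN) and pkt["payload_len"] > 0


def build_packet(sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4+TCP packet (constructed test data, checksums left zero)."""
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                          (5 << 12) | flags, 65535, 0, 0)
    total = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip_hdr + tcp_hdr + payload


def scan(frames):
    """Return indices of frames that match the SYN/SYN+ACK-with-data pattern."""
    hits = []
    for i, frame in enumerate(frames):
        pkt = parse_ipv4_tcp(frame)
        if pkt is not None and is_handshake_with_payload(pkt):
            hits.append(i)
    return hits


# Constructed sample traffic: a clean handshake followed by normal data,
# then a SYN and a SYN+ACK that smuggle bytes before the session exists.
SAMPLE = [
    build_packet(40000, 80, SYN),                     # 0: normal SYN
    build_packet(80, 40000, SYN | ACK),               # 1: normal SYN+ACK
    build_packet(40000, 80, ACK),                     # 2: handshake complete
    build_packet(40000, 80, PSH | ACK, b"GET / HTTP/1.0\r\n"),  # 3: legitimate data
    build_packet(40001, 80, SYN, b"smuggled-in-syn"),          # 4: should be flagged
    build_packet(80, 40001, SYN | ACK, b"smuggled-in-synack"),  # 5: should be flagged
]

if __name__ == "__main__":
    print("flagged frames:", scan(SAMPLE))
```

On a real capture you would feed `scan` the IP-layer bytes of each packet (for example from a pcap reader, stripping the Ethernet header first). One caveat before turning this into a blocking rule: data in a SYN is legal under RFC 793 and is used on purpose by TCP Fast Open (RFC 7413), so a blanket "no payload in SYN" signature will also drop TFO clients; decide whether that is acceptable on the segment you protect, or scope the rule to the SYN+ACK direction and to services that never use TFO.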