DOS: Multi Vendor TCP Timestamp Option Denial of Service

This signature detects attempts to exploit a known vulnerability against TCP implementations of multiple vendors. A successful attack can result in a denial-of-service condition.

Extended Description

A denial-of-service vulnerability exists in TCP as specified in RFC 1323. The issue resides in the Protection Against Wrapped Sequence Numbers (PAWS) technique, which was included to increase overall TCP performance. When TCP timestamps are enabled, both hosts at the endpoints of a TCP connection use internal clocks to mark TCP headers with a timestamp value. When TCP PAWS is configured to use these timestamp values, PAWS implementations are exposed to a denial-of-service vulnerability. The issue manifests if an attacker transmits a suitably formed TCP PAWS packet to a vulnerable computer, with a large value set as the packet timestamp. When the target computer processes this packet, its internal timer is updated to the large value that the attacker supplied. All valid packets received after the attack are then dropped, because they are deemed to be too old or invalid. This type of attack effectively denies service for the target connection.
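
The receive-side logic described above, as an added example that is not part of the original signature entry or any vendor's code: a simplified PAWS model showing how recording a far-future timestamp causes later valid segments to be rejected as too old. The struct and function names are hypothetical, and the ordering fix (validating the sequence number before recording the timestamp) is an assumption about the mitigation, not something this page states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified receiver state; all names are hypothetical, not vendor code. */
struct conn { uint32_t rcv_nxt, rcv_wnd, ts_recent; };
struct seg  { uint32_t seq, tsval; };

/* Serial-number comparison: true if a is older than b modulo 2^32. */
static bool ts_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

static bool in_window(const struct conn *c, uint32_t seq) {
    return (uint32_t)(seq - c->rcv_nxt) < c->rcv_wnd;
}

/* Process one segment; returns true if it is accepted.
 * seq_check_first=false: timestamp is recorded before the sequence check.
 * seq_check_first=true:  out-of-window segments never touch ts_recent
 *                        (assumed mitigation, not stated on this page). */
bool receive(struct conn *c, struct seg s, bool seq_check_first) {
    if (seq_check_first && !in_window(c, s.seq)) return false;
    if (ts_before(s.tsval, c->ts_recent)) return false; /* PAWS: too old */
    c->ts_recent = s.tsval;
    if (!in_window(c, s.seq)) return false;
    c->rcv_nxt = s.seq + 1; /* model: every segment carries one byte */
    return true;
}

/* Count legitimate segments accepted after one far-future timestamp. */
int legit_accepted(bool seq_check_first) {
    struct conn c = { .rcv_nxt = 1000, .rcv_wnd = 4096, .ts_recent = 50000 };
    /* Constructed sample: sequence outside the window, timestamp far ahead. */
    struct seg bogus = { .seq = 900000000u, .tsval = 50000u + 0x7fffffffu };
    int ok = 0;
    receive(&c, bogus, seq_check_first);
    for (uint32_t i = 1; i <= 5; i++) {
        struct seg legit = { .seq = c.rcv_nxt, .tsval = 50000u + i };
        if (receive(&c, legit, seq_check_first)) ok++;
    }
    return ok;
}

int main(void) {
    printf("timestamp recorded first: %d of 5 accepted\n", legit_accepted(false));
    printf("sequence checked first:   %d of 5 accepted\n", legit_accepted(true));
    return 0;
}
```

The model omits real-stack details such as window scaling and the idle-connection exception to PAWS; it isolates only the ordering of the two checks.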

Affected Products

Cisco sn5400_series_storage_routers, Freebsd freebsd

References

BugTraq: 13676 16295

CVE: CVE-2005-0356

Short Name
DOS:MULTIVENDOR-TCP-TIMESTAMP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DOS
Keywords
CVE-2005-0356 Denial Multi Option Service TCP Timestamp Vendor bid:13676 bid:16295 of
Release Date
11/26/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
TCP/9999
False Positive
Unknown
Vendors

Blue_coat_systems

Sco

Openbsd

F5

Yamaha

Ietf

Avaya

Hitachi

Alaxala_networks

Freebsd

Nortel_networks

Cisco

Microsoft

CVSS Score

5.0
