Good Day Ladies and Gents,
I have a query referring to the NISCC Vulnerability Advisory 236929 @
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
Check Point Brought out a Solution regarding this issue to apply hot
fixes R55 HFA - 03, R54 HFA -410 or NG FP3 HFA - 325 relevant to the
environments you are running.
Steps to be taken are to apply HFA to both enforcement modules and
management stations and set the kernel global variable
fwseqvalid_exact_ayn_on_rst to control this feature and last of all is
to verify the TCP Sequence Verifier in smart defense is set to track
anomalous out of state packets.
http://www.checkpoint.com/techsupport/alerts/tcp_dos.html
Has any done this as yet and has anyone incurred any issues due to this
solution, my main concern was the kernel global variable change
Please Advice
Regards
Jeremy Kaweesa
Network Operations
Smart Systems for Health Agency
C: 416-618-8096
BlackBerry Pin: 2003F994
Jeremy.Kaweesa AT ssha.on DOT ca
www.ssha.on.ca
________________________________________________
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If otherwise received, please destroy. Please Destroy.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
