
2 warnings after a Nessus scan

Dear all,

I ran a Nessus scan of an OpenBSD box with PF to test my settings. It came up with 2 warnings.
One about accepting TCP SYN packets which have the FIN flag set and one about loose source routed IP packets.

The one about TCP SYN packets with the FIN flag has been cleared thanks to http://www.kb.cert.org/vuls/id/464113, http://www.kb.cert.org/vuls/id/IAFY-5F8RWP
and previous posts on this mailing list.

However I could not understand the 2nd one. The exact message from Nessus is:
"The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering and exploit another flaw.
However, it is not dangerous by itself.
Solution : drop source routed packets on this host or on other ingress routers or firewalls."

I could not find anything related to this 2nd issue. Could anyone please tell me if this is a false positive from Nessus?

If not, what do I have to add to pf.conf in order to drop source-routed packets? I thought that the antispoof setting would tackle this, but it seems that it is not the case.

Thank you in advance.
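Added example (not part of the original post): a minimal pf.conf for a single-interface OpenBSD host that shows the one PF keyword relevant to the Nessus finding. PF blocks IPv4 packets carrying IP options (which is how loose and strict source routing are expressed) unless a matching pass rule says `allow-opts`; antispoof only generates address-based rules and does not touch IP options. The interface name and the SSH rule are assumptions chosen for illustration.

```pf
# Added example, not the poster's ruleset. $ext_if is an assumed interface name.
ext_if = "fxp0"

set skip on lo

# antispoof expands to address-based rules only: it blocks packets that arrive
# on the wrong interface with a source address from $ext_if's network.
# It says nothing about IP options, so it does not affect source routing.
antispoof quick for $ext_if

# Weak setting (commented out): allow-opts lets IPv4 packets with IP options,
# including loose/strict source route options, pass via this rule.
# pass in on $ext_if proto tcp to ($ext_if) port 22 allow-opts

# Hardened (default) behaviour: PF drops packets with IP options unless a pass
# rule carries allow-opts, so the fix is simply to leave that keyword out.
block in log all
pass out quick on $ext_if keep state
pass in on $ext_if proto tcp to ($ext_if) port 22 keep state
```

After editing, load the ruleset with `pfctl -f /etc/pf.conf` and confirm no loaded rule carries the keyword with `pfctl -sr | grep allow-opts`. Independently of PF, the kernel sysctl `net.inet.ip.sourceroute` (default 0 on OpenBSD) controls whether the host itself forwards source-routed datagrams; `sysctl net.inet.ip.sourceroute` shows the current value.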