Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IP Identification Field Fingerprinting Vulnerability

An security check on my internet gateway report me a UDP Constant IP Identification Field Fingerprinting Vulnerability

Anyone hear about resolving UDP Constant IP Identification Field Fingerprinting Vulnerability in Cisco routers.

5 REPLIES
Silver

Re: IP Identification Field Fingerprinting Vulnerability

Some hosts transmit UDP packets with IP Identification field with a value of 0. An attacker may be able to exploit this weakness to discover the operating system and approximate kernel version of the vulnerable system. This information can then be used in further attacks against the host. The ability to fingerprint operating systems based on minor differences in network implementations is well known.

Cisco Employee

Re: IP Identification Field Fingerprinting Vulnerability

Can you provide a link to this vulnerability?

New Member

IP Identification Field Fingerprinting Vulnerability

Hello - this has been flagged by an Audit in our network as well - is there a known fix/workaround to prevent this vulnerability?

Thanks

Phil

Gold

Re: IP Identification Field Fingerprinting Vulnerability

Hi

Well

Yes and no, it all constituets what you think is a vulnerability, and how you define it.

This is one of the things that I consider to be "extra information" ie it is something that should be reported, thought about and then marked as read, understood but acceptable risk.

it is one of those things that you need to have with you in the report or you have not done a thorough job but it is not in anyway a critical information.

In this case I would state that the correct answer for the person recieveing the report in most cases would be

"Good that you found it, Yes we understand the implications and we will do nothing about this. Next point in the list."

Most of these problems occur because of the people reading the reports does not know how to classify the information in regards to the overall picture and thus gives the wrong importance to information like this and thus stealing resources away from the real problems.

It is all fueled on because the makers of the scanning software have to show they find more than any other maker of scanning software reports. Otherwise the buyer of the software will go elsewere. This means that since the buyer does not understand security, the report have replaced the brain of the buyer.

One have to ask oneself, where is the quality in that!

And to the original question, you can not do anything about this if you are using udp (like DNS). its all in a part of the software that is not configurable for you.

so if you read my text above I would guess that the correct answer would apply to this, however this is something that the company you hired to do the scanning should have explained to you.

Good luck

HTH

New Member

Hi - this has been flagged by

Hi - this has been flagged by many customers - is there a way to block / inspect such traffic by ASA?

Thanks,

4056
Views
0
Helpful
5
Replies
CreatePlease to create content