QID 82024 - UDP Constant IP Identification Field Fingerprinting Vulnerability

Question asked by ITSupport on Dec 15, 2011
Latest reply on Dec 22, 2011 by Alex Quilter

 

Issue: A customer has been provided a Technical Report for Payment Card Industry (PCI) which has resulted in a "non-Compliance" result.

QID 82024 - UDP Constant IP Identification Field Fingerprinting Vulnerability = Level 2

Description:

The host transmits UDP packets with a constant IP Identification field. This behavior may be exploited to discover the operating system and approximate kernel version of the vulnerable system.

Normally, the IP Identification field is intended to be a reasonably unique value, and is used to reconstruct fragmented packets. It has been reported that in some versions of the Linux kernel IP stack implementation as well as other operating systems, UDP packets are transmitted with a constant IP Identification field of 0.

Impact:

By exploiting this vulnerability, a malicious user can discover the operating system and the approximate kernel version of the host. This information can then be used in further attacks against the host.

Solution:

We are currently not aware of any fixes for this issue.

Result:

IP_ID=0

Question:

This customer utilises Windows 2003 server with no Linux OS equipment on site and has insisted that we fix this issue so that they can keep their Credit Card Payment facility. Router utilised is a Vigor 2800 and as such I'm requesting information as to how to resolve this issue as the noted solution in the report is not helpful.

If a solution is not possible and this behaviour type is by design, non-changeable, and of standard practice, I will require some correspondence so as to relay to the customer.

 

Many Thanks
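
A way to confirm which device actually produces the `IP_ID=0` result is to inspect the IPv4 headers of UDP packets captured at the scanned address and group them by source. The following is an added example, not part of the original post or the scanner's own logic; the function names, the `min_samples` threshold and the sample addresses (documentation ranges) are assumptions, and the packets are constructed inline.

```python
import struct
from collections import defaultdict

def parse_ipv4(pkt: bytes):
    """Return (src, proto, ip_id) from a raw IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ip_id = struct.unpack("!H", pkt[4:6])[0]   # Identification field, bytes 4-5
    src = ".".join(str(b) for b in pkt[12:16])
    return src, pkt[9], ip_id                  # byte 9 = protocol number

def constant_udp_ip_id(packets, min_samples=3):
    """Map each source IP whose UDP packets all share one IP ID to that ID."""
    seen = defaultdict(list)
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed and parsed[1] == 17:         # protocol 17 = UDP
            seen[parsed[0]].append(parsed[2])
    # Require a few samples so a single packet is not reported as "constant".
    return {src: ids[0] for src, ids in seen.items()
            if len(ids) >= min_samples and len(set(ids)) == 1}

def build_packet(src, ip_id, proto=17):
    """Constructed sample: 20-byte IPv4 header plus 8 dummy payload bytes."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes([192, 0, 2, 1])
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ip_id,
                         0x4000, 64, proto, 0, src_b, dst_b)  # checksum left 0
    return header + b"\x00" * 8

# Constructed capture (not data from the report): one source with a constant
# UDP IP ID of 0, one with incrementing IDs, and one TCP packet to be ignored.
SAMPLE = ([build_packet("198.51.100.10", 0) for _ in range(4)] +
          [build_packet("198.51.100.20", i) for i in (4211, 4212, 4213)] +
          [build_packet("198.51.100.10", 777, proto=6)])

if __name__ == "__main__":
    for src, ip_id in constant_udp_ip_id(SAMPLE).items():
        print(f"{src}: constant UDP IP_ID={ip_id}")
```
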
