Preemptive Protection against Microsoft Windows IPv6 Denial of Service Vulnerability (MS06-064)
| Check Point Reference: | CPAI-2006-149 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS06-064 | |
| Industry Reference(s): | ||
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows XP Microsoft Windows XP SP1 Microsoft Windows XP SP2 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 | ||
| Vulnerability Description A denial of service vulnerability has been detected in Microsoft Windows IPv6 TCP/IP stack. Internet Protocol version 6 (IPv6) is a new version of IP that follows IPv4 as the second version of the Internet Protocol. The primary purpose of IPv6 is to solve the problem of the shortage of IP addresses. An attacker may exploit the vulnerability to crash an affected system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS06-064 |
|
|
Vulnerability Details The vulnerability is due to an error in the IPv6 TCP/IP stack when processing a malformed TCP packet. A remote attacker can exploit this flaw by specially crafting a packet with the 'SYN' flag set, and the source address and port are the same as the destination source and port, AKA a 'LAND' attack. Successful exploitation may result in crashing the target system. |
Protection Overview
Some implementations of TCP/IP are vulnerable to packets that are crafted in a particular way (a SYN packet in which the source address and port are the same as the destination, i.e., spoofed). LAND is a widely available attack tool that exploits this vulnerability.
By enabling this protection, SmartDefense will detect and block the spoofed LAND crafted packets. No update is required to address this vulnerability.
Please note that if the SmartDefense protection will not be enabled, LAND attacks will still be blocked by the firewall. In case the firewall detects a LAND attack it will log the following entry: 'Source and destination addresses are equal'.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
VPN-1 NGX R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Network Security > Denial of Service > LAND.
2. In the LAND configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entry:
Attack Name: LAND
VPN-1 NGX R61 & R60
How Can I Protect My Network?
1. In the SmartDefense tree, click Network Security > Denial of Service > LAND.
2. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entry:
Attack Name: LAND
Connectra NGX R61
How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Network Security.
2. In the Network Secuirty pane, under Denial of Service, select the following:
LAND 
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entry:
Attack Name: LAND