Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Check Point Protects Customers Against TCP RFC Vulnerability

REDWOOD CITY, Calif., - April 20, 2004 - Check Point Software Technologies Ltd. (NASDAQ: CHKP), the worldwide leader in securing the Internet, today announced that it is defending against a security vulnerability that has been discovered in the implementations of TCP designed in accordance with the TCP RFC. (Reference: NISCC, http://www.uniras.gov.uk/niscc/docs/al-20040420-00199.html?lang=en)

This vulnerability is noteworthy because of the widespread use of the TCP standard, and the large number of machines that are potentially impacted. While a practical exploit is difficult to achieve, if the vulnerability is exploited, an attacker could create a Denial of Service condition against existing TCP connections, resulting in premature session termination.

The vulnerability allows a malicious user to send a specially crafted TCP packet with a RST or SYN flag inside an existing connection and cause its termination. Check Point VPN-1®/FireWall-1® can protect a customer's entire network, including non-Check Point hosts, against this attack by enforcing that RST packet sequence numbers exactly match the expected sequence within the TCP connection window.

Defense Mechanisms
A defense against this TCP RFC vulnerability has been available to subscription customers since April 19. For further details about the Check Point defense, please visit http://www.checkpoint.com/techsupport/alerts/tcp_dos.html.

About Check Point Software
Check Point Software Technologies is the worldwide leader in securing the Internet. It is the confirmed market leader of both the worldwide VPN and firewall markets. Through its Next Generation product line, the company delivers a broad range of Perimeter, Internal and Web security solutions that protect business communications and resources for corporate networks and applications, remote employees, branch offices and partner extranets. Extending the power of the Check Point solution is its Open Platform for Security (OPSEC), the industry's framework and alliance for integration and interoperability with "best-of-breed" solutions from over 350 leading companies. Check Point solutions are sold, integrated and serviced by a network of more than 2,300 Check Point partners in 92 countries. For more information, please call us at (800) 429-4391 or (650) 628-2000, or visit us on the Web at http://www.checkpoint.com or at http://www.opsec.com.

###

©2004 Check Point Software Technologies Ltd. All rights reserved., Check Point, Application Intelligence, Check Point Express, the Check Point logo, ClusterXL, ConnectControl, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FireWall-1 XL, FloodGate-1, INSPECT, INSPECT XL, InterSpect, IQ Engine, Open Security Extension, OPSEC, Provider-1, Safe@Office, SecureKnowledge, SecurePlatform, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, , and VPN-1 VSX are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726 and 6,496,935 and may be protected by other U.S. Patents, foreign patents, or pending applications.