Check Point Advisories

Security Best Practice: Familiarize Yourself with the Packet Sanity Protection

Check Point Reference: SBP-2008-19
Date Published: 15 Aug 2008
Severity: High
Last Updated: Sunday 14 March, 2010
Source: IPS Research Center
Industry Reference:CVE-2002-1071
Protection Provided by:
Who is Vulnerable? Computers and Networks
Vulnerability Description The Packet Sanity protection performs several Layer 3 and Layer 4 sanity checks. These include verifying packet size, UDP and TCP header lengths, dropping IP options and verifying the TCP flags.

Numerous types of attacks may be hidden in fragmented packets.
Vulnerability DetailsEven if Packet Sanity is Inactive or Detect Only, the following sanity verifications are still enforced and, when applicable, these packets are dropped and the event is logged:
  • UDP packets with invalid UDP Length
  • TCP packets with a corrupt header
  • UDP and TCP packets with source and/or destination port 0

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK