Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
30 Nov 2009 Closed High CVSS v2: 7.1 SA41
In September of 2008, Outpost24 demonstrated Sockstress, a proof of concept tool that exploited multiple well known vulnerabilities in the design of TCP. The tool uses multiple techniques to cause resource exhaustion and a resulting denial of service on the target system. When ProxySG is targeted, system resources will gradually deplete and ProxySG will stop responding to new requests. ProxySG must be restarted to resume normal operation.
ProxySG 6.1 - a fix is available in 184.108.40.206.
ProxySG 5.5 - a fix is available in 220.127.116.11.
ProxySG 5.4 - a fix is available in 18.104.22.168.
ProxySG 5.3 - please upgrade to a later version.
ProxySG 4.3 - a fix is available in 22.214.171.124.
For information on how to upgrade SGOS on your ProxySG, please see KB3608.
An attack against ProxySG results in complete resource exhaustion. Existing requests that have been processed prior to the start of the attack will experience performance degradation and ProxySG will refuse any new connections. Proxy SG must be restarted to restore functionality. In some circumstances, configuration data on ProxySG 4.x appliances will be corrupted after restart.
Policies on ProxySG 5.x and later can be configured to reduce the effect of an attack. If configured to fail open, at the point of extreme resource exhaustion, all policies will be bypassed to allow traffic to continue to flow. ProxySG can also be configured to silently drop or explicitly deny requests when the user limit is reached.
Detection of an attack is nearly impossible. Traffic generated as a result of such an attack is difficult to distinguish from valid protocol exchanges. ProxySG can support tens of thousands of connections and it is common to find many legitimate connections from a single source. In addition, attackers often randomize their source addresses to avoid detection.
Modifications have been made to ProxySG to detect and terminate connections that are not legitimate. The techniques used are effective against Sockstress but may not be effective against other variations of the Sockstress exploits.
2012-01-17 Notification that no fix will be made available for 5.3. Changed status to final.
2011-03-10 Updated patch information for SGOS 4.3.x code branch
2010-11-04 Notification of a patch release fix for 4.3.
2010-09-29 Notification of a fix released for 6.1, update of advisory text, addition of CVSS score, change of severity to High, repaired link to upgrade article.
2010-07-07 Notification of a fix released for 5.5
2010-04-13 Notification of a fix released for 5.4
2009-12-02 Status update
2009-11-30 Initial public release
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.