Author Topic: Linux kernel TCP sequence number generation security weakness  (Read 1459 times)

Offline mike@ciconi.co.uk

  • New Member
  • *
  • Posts: 3
  • Country: gb
  • Karma: +0/-0
    • View Profile
Linux kernel TCP sequence number generation security weakness
« on: December 10, 2019, 09:39:58 AM »
We have been Cyber Essentials tested, whilst we passed, the have recommended that we look into:-

"Linux kernel TCP sequence number generation security weakness"

This is on our Mitel 5000 IP address, we have VOIP with the following ports open

3998-4000     TCP
443               TCP
4000             TCP
4444             TCP
20001           UDP
50098-50508 UDP
44000           TCP
69                 UDP
6004-6261    UDP
6800-6802    TCP
22                 TCP

Have we got any not required, could this cause this, or this this just one of those things.





Offline Tech Electronics

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2984
  • Country: us
  • Karma: +89/-1
    • View Profile
Re: Linux kernel TCP sequence number generation security weakness
« Reply #1 on: December 11, 2019, 07:19:22 AM »
Mike,

There are a few of those that you don't want to open up to the Internet; which is where the attack is most likely to come from.

22
69
443
4000
4400
3998-4000

The remainder would need to be open to the Internet if you have Teleworker phones. If this is a concern you could always implement an MBG to sit inbetween the Internet and your MiVO-250.

Thanks,

TE

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4104
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: Linux kernel TCP sequence number generation security weakness
« Reply #2 on: December 11, 2019, 07:36:12 PM »
Do you have remote phones? Many of those ports are required for NAT'd remote phones, most of them in fact. 443 and 44000 are for remote administration, although we often change 443 to 8443.

The only one that seriously concerns me is port 22, it should only be forwarded if used with a source IP mask restriction for your vendor, and make sure your admin password is of sufficient complexity and length. 69 is not required and is a common port, I would close it and any remote phones will fail over to 20001. I can't for the life of me remember what 4444 is for though.

Offline mike@ciconi.co.uk

  • New Member
  • *
  • Posts: 3
  • Country: gb
  • Karma: +0/-0
    • View Profile
Re: Linux kernel TCP sequence number generation security weakness
« Reply #3 on: December 12, 2019, 03:55:05 AM »
Thanks, yes we have in the past had remote phones, not currently but may again in the future, so ideally want to keep this available.


 

Sitemap 1 2 3 4 5 6 7 8 9 10