# [solved] False PCI compliance vulnerability?

## maiku

TCP reset using approximate sequence number is what comes up when our office is scanned.  Doing research online I read that it's a false positive or maybe it isn't - basically some inconclusive stuff.

Of course the router here is a Linux server and it's been fine for quite some time and then this "vulnerability" comes up.  So, how might I be able to remedy this?  A kernel upgrade?  Taking out a network setting in the kernel?

Below is the entire message.

 *Quote:*   

> Description: TCP reset using approximate sequence number
>
> Severity: Potential Problem
>
> CVE: CVE-2004-0230
>
> Impact: A remote attacker could cause a denial of service on systems which rely upon persistent TCP connections.
>
> Background: The Transmission Control Protocol (TCP) is the protocol used by services such as telnet, ftp, and smtp to establish a connection between a client and a server. Every TCP packet includes a sequence number in the header to ensure that all packets are received at the destination and re-assembled in the correct order. The sequence numbering begins with an initial sequence number which is chosen by the server and sent to the client when the connection is established. Thus, sequence numbers also help to verify the identity of the client, since only the intended client has knowledge of the initial sequence number. The Border Gateway Protocol (BGP) is a TCP protocol used by routers to exchange routing information. It is primarily used by Internet service providers.
>
> Resolution: To correct this problem on Cisco devices, apply one of the fixes referenced in the Cisco security advisories for [http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml] IOS and [http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml] non-IOS operating systems. Refer to [http://www.kb.cert.org/vuls/id/415294#systems] US-CERT Vulnerability Note VU#415294 and [http://www.uniras.gov.uk/niscc/docs/re-20040420-00391.pdf?lang=en] NISSC vulnerability advisory 236929 for other vendor fixes. If a fix is not available, this problem can be worked around by using a secure protocol such as [http://rfc.net/rfc2411.html] IPsec, or by filtering incoming connections to services such as BGP which rely on persistent TCP connections at the firewall, such that only allowed addresses may reach them.
>
> Vulnerability Details: Service: tcp sent spoofed RST packet, received RST packet


----------
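As an added illustration (not part of the thread or the scanner's report), here is a small Python model of the check a TCP receiver applies to an incoming RST: the RFC 793 in-window rule that CVE-2004-0230 is about, next to the RFC 5961 challenge-ACK rule (adopted by Linux in kernel 3.6) under which an approximate sequence number no longer resets the connection. The `Connection` class, the sample window and sequence values are constructed for the example.

```python
"""Model of how a TCP receiver validates an incoming RST segment.

RFC 793 behaviour: a RST is accepted if its sequence number falls anywhere
inside the receive window; this is the weakness behind CVE-2004-0230.
RFC 5961 behaviour: a RST is accepted only if it lands exactly on RCV.NXT;
an in-window but inexact RST gets a challenge ACK instead, so a blind
sender gains nothing from an approximate guess.
"""
from dataclasses import dataclass

SEQ_SPACE = 2 ** 32  # size of the 32-bit TCP sequence-number space


@dataclass
class Connection:
    rcv_nxt: int          # next sequence number the receiver expects
    rcv_wnd: int          # advertised receive window in bytes
    rfc5961: bool = True  # True = challenge-ACK validation enabled


def in_window(conn, seq):
    # Modular distance from RCV.NXT so that sequence wraparound is handled.
    return (seq - conn.rcv_nxt) % SEQ_SPACE < conn.rcv_wnd


def handle_rst(conn, seq):
    """Return 'reset', 'challenge_ack' or 'drop' for a RST carrying seq."""
    if not in_window(conn, seq):
        return "drop"
    if not conn.rfc5961:
        return "reset"              # RFC 793: any in-window RST tears down
    if seq == conn.rcv_nxt:
        return "reset"              # exact match is still honoured
    return "challenge_ack"          # in-window guess: ask the peer to confirm


def expected_blind_attempts(conn):
    """Average spoofed RSTs needed before one is accepted (risk estimate)."""
    acceptable = 1 if conn.rfc5961 else conn.rcv_wnd
    return SEQ_SPACE // acceptable


if __name__ == "__main__":
    # Constructed sample: a long-lived session advertising a 64 KiB window.
    for strict in (False, True):
        c = Connection(rcv_nxt=1_000_000, rcv_wnd=65535, rfc5961=strict)
        label = "RFC5961" if strict else "RFC793 "
        print(label, handle_rst(c, 1_000_000), handle_rst(c, 1_040_000),
              handle_rst(c, 5_000_000),
              f"blind attempts ~{expected_blind_attempts(c):,}")
```

The last column is what makes the finding meaningful: with the legacy rule the attempt count scales with the window, with RFC 5961 it is the full sequence space.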

## pjp

I usually look at the alerts and then see what other OSes do.  So if your OS isn't listed, look for another.  The CVE in this case doesn't point to anything specifically useful that I noticed, so I did another search.

Here is Red Hat's position and the LWN article they reference.

----------

## maiku

Sorry I'm late to respond on this.  This post actually helped me a lot.  I brought up that article to the company and they no longer report that.

Thanks.

----------

