Tag Archives: TCP Split Handshake

Looking Back…

Actually this post is nearly a couple of weeks in delay (last week I was skiing in at the Italian Dolomites!!). (Un)fortunately now that I am back to home (and to work), I have choosen this Friday The 13th, while preparing my traditional Cyber Attacks Master Index for the first half of January 2012, to give a quick look to the past year in terms of my blogging activity in order to discover which where the posts which collected most views (more than 60,000 in total), of course excluding the home page.

read more

TCP Split Handshake: Why Cisco ASA is not susceptible

As I told yesterday, I was not very satisfied with the updated NSS remediation guide concerning the TCP Split Handshake issue, published after the second round of testing on Cisco and Fortinet devices.

In particular, in case of Cisco, in my opinion the report was poor on details, considering Cisco’s ACL approach suboptimal and definitively coming to the discouraging conclusion that:

read more

TCP Split Handshake: The (Never)ending Story…

Cisco ASA 5510 Adaptive Security Appliance Cluster
Image by Audric Leperdi via Flickr

Update May 12: TCP Split Handshake: Why Cisco ASA is not susceptible

On May, the 9th 2011, nearly in contemporary, Cisco Systems and Fortinet, the last two security vendors involved in the TCP Split Handshake affair, which had not yet released a fix for the encountered issue, released two separate posts indicating the result of a second session of tests performed with NSS Labs.

read more

Other Considerations On TCP Split Handshake

The storm unleashed by NSS Labs test for the TCP split handshake attack which affected 5 firewall vendors  is far from being quiet.

During these days I enjoyed speaking with many colleagues about the results of the tests and definitively, I must confess that firewalls were not the only entities unaware the TCP Split Handshake, as a matter of fact, none of the professionals I discussed with (of course including me the first time I read about it) were familiar with this method of establishing TCP connections.

read more

TCP Split Handshake Attack Explained