TCP/IP ACK Packet Saturation Remote DoS (stream.c)

This script is Copyright (C) 2000-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is vulnerable to a denial of service.

Description :

It seems it was possible to make the remote server crash using the
'stream' (or 'raped') attack.

An attacker may use this flaw to shut down this server, thus
preventing your network from working properly.

See also :

http://archives.neohapsis.com/archives/bugtraq/1999-q3/0260.html

Solution :

Solution :

Contact your operating system vendor for a patch.

- If you use IP filter, then add these rules :

block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 10271 ()

Bugtraq ID: 549

CVE ID: CVE-1999-0770