#1 (permalink)
Newbie
Join Date: Aug 2008
Posts: 9
Hello,
We are going through a PCI Compliance audit, and they did an external scan on our Untangle firewall running 9.0.2. They said it failed because of this - http://www.kb.cert.org/vuls/id/415294#systems. I read through it and have a basic understanding of what they are saying, but how in the heck would I adjust/fix the Untangle to pass?
#2 (permalink)
http://forums.untangle.com/installat...-untangle.html
Search will turn up many threads about this issue and how to take care of it. I'm not trying to be one of those RTFM idiots, but this one has been discussed at length for years. The above thread should give all you need to pass though.
__________________
www.untangleappliances.com Toll Free: 866-794-8879 UNTANGLE PLATINUM PARTNER Follow us at spiceworks!
#3 (permalink)
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454
That's a new one...
Now is about the time I point out that Untangle doesn't support BGP, doesn't use BGP, and therefore this vulnerability is moot. The question is, why is it triggering?
__________________
Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879
#4 (permalink)
Untangle Junkie
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 10,611
It's probably basing the predictability of sequence numbers off a port forward to a machine with a different TCP stack.
I'd start by disabling all your port forwards and any bypass rules you've added.
__________________
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com
#5 (permalink)
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454
I just did some Googling on this and I'm with DMorris. Is TCP 179 forwarded to something?