cancel
Showing results for 
Search instead for 
Did you mean: 
mcoy
Level 7
Report Inappropriate Content
Message 1 of 3

TCP Split Handshake Attack

Hi,

NSS tested firewalls from 6 vendors for "tcp split handshake attack" vulnerability. Do you have information about Mcafee Enterprise Firewall in this topic?

Best Regards,

Tomek

2 Replies
sliedl
Level 14
Report Inappropriate Content
Message 2 of 3

Re: TCP Split Handshake Attack

No versions of the firewall are vulnerable to this attack.

I am trying to set it up right now because it sounds interesting to test.  I am following the explanation from this PDF (nmap.org).

sliedl
Level 14
Report Inappropriate Content
Message 3 of 3

Re: TCP Split Handshake Attack

Here is the official statement from Engineering:

McAfee Firewall Enterprise is not vulnerable to the “TCP Split Handshake” attack.  All versions of McAfee Firewall Enterprise protect against this attack, regardless of patch level or configuration.  McAfee has confirmed this protection via lab testing using published attack tools, as well as code and architecture review to confirm no similar vulnerability exists.

When successful, the “TCP Split Handshake” attack causes a network security device to allow traffic without applying the configured security policy.  Recently, security researchers and some test labs have drawn attention to this attack.  The test lab named one firewall vendor (not McAfee Firewall Enterprise) as being not vulnerable to this attack (out of numerous tested).  McAfee Firewall Enterprise was not part of the lab testing effort.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.