2 Replies Latest reply on May 11, 2011 3:41 PM by sliedl

    TCP Split Handshake Attack




      NSS tested firewalls from 6 vendors for "tcp split handshake attack" vulnerability. Do you have information about Mcafee Enterprise Firewall in this topic?


      Best Regards,


        • 1. Re: TCP Split Handshake Attack

          No versions of the firewall are vulnerable to this attack.


          I am trying to set it up right now because it sounds interesting to test.  I am following the explanation from this PDF (nmap.org).

          • 2. Re: TCP Split Handshake Attack

            Here is the official statement from Engineering:


            McAfee Firewall Enterprise is not vulnerable to the “TCP Split Handshake” attack.  All versions of McAfee Firewall Enterprise protect against this attack, regardless of patch level or configuration.  McAfee has confirmed this protection via lab testing using published attack tools, as well as code and architecture review to confirm no similar vulnerability exists.


            When successful, the “TCP Split Handshake” attack causes a network security device to allow traffic without applying the configured security policy.  Recently, security researchers and some test labs have drawn attention to this attack.  The test lab named one firewall vendor (not McAfee Firewall Enterprise) as being not vulnerable to this attack (out of numerous tested).  McAfee Firewall Enterprise was not part of the lab testing effort.