
IP Spoofing
This option enables checking for TCP sequence prediction. If a host's TCP
sequence numbers are predictable, an intruder can send packets that are forged
to appear to come from trusted machines and compromise such services as rsh and
rlogin, because their authentication is based on IP addresses. The percentage
guessed is the likelihood that an intruder could predict the sequence and
compromise the system.
Risk: Medium
Fix: Ask your vendor for patches to correct TCP sequence prediction.
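The following is an added example, not part of the original documentation and not the scanner's own algorithm: one way a "percentage guessed" figure can be computed offline from sequence numbers already sampled from a host you administer. The predictor (previous value plus the usual increment), the function names and both sample lists are assumptions constructed for illustration.

```python
from collections import Counter

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

def deltas(isns):
    """Differences between consecutive sequence numbers, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]

def percent_guessed(isns, tolerance=0):
    """Percentage of samples a 'previous + usual increment' predictor gets right.

    The usual increment is learned from the first half of the samples and the
    predictor is scored on the second half, so it never sees its own answers.
    """
    if len(isns) < 4:
        raise ValueError("need at least 4 sequence number samples")
    split = len(isns) // 2
    usual = Counter(deltas(isns[:split + 1])).most_common(1)[0][0]
    hits = total = 0
    for prev, actual in zip(isns[split:], isns[split + 1:]):
        guess = (prev + usual) % MOD
        # Distance on the 32-bit ring, so wrap-around is not counted as a miss.
        err = min((actual - guess) % MOD, (guess - actual) % MOD)
        hits += err <= tolerance
        total += 1
    return 100.0 * hits / total

# Constructed sample: a stack that adds a fixed 64000 per connection,
# started near the top of the range so the values wrap past 2**32.
FIXED_INCREMENT = [(0xFFFE0000 + i * 64000) % MOD for i in range(8)]

# Constructed sample: values with no usable relationship between neighbours,
# as a patched (randomizing) stack should produce.
RANDOMIZED = [0x3A91C2F7, 0xE104B85D, 0x0B7F6621, 0x9C2DA410,
              0x57E83B9A, 0xC4660D03, 0x218FA7EE, 0x7D13590C]

if __name__ == "__main__":
    for name, sample in (("fixed increment", FIXED_INCREMENT),
                         ("randomized", RANDOMIZED)):
        print(f"{name}: {percent_guessed(sample):.0f}% guessed")
```

A high percentage on a production host means the vendor patch or sequence randomization setting described in the fix has not taken effect.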
Using Rsh
This vulnerability allows an intruder masquerading as a user from a trusted
host to execute a command remotely through the rsh service.
Risk: High
Fix: Turn off rshd and other services that authenticate based on IP address.
Install patches from your vendor that correct TCP sequence prediction.
Using Rlogin
This vulnerability allows an intruder masquerading as a user from a trusted
host to execute a command remotely through the rlogin service.
Risk: High
Fix: Turn off rlogin and other services that authenticate based on IP address.
Install patches from your vendor that correct TCP sequence prediction.
Advisories:
HP-UX Patches: HP-UX 9.0x: patch hp-ux_patches/s700/9.X/PHNE_5361 adds the ability to
randomize TCP sequence numbers. HP-UX 10.x: uses nettune to select the sequence number
approach. See