Our client has a server that needs to be PCI compliant. Price is $25. Please PM if you would like to take the job.
This is the problem:
# - 11
System Responds to SYN+FIN
This device responded to a TCP packet with both the SYN and FIN
bits set. Such packets do not occur in typical network traffic, but can
be used by attackers to bypass the security rules configured in nonstateful
firewalls and establish connections with protected hosts.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base score: 0.00)
Verify that stateful inspection has been implemented on the network
to protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and that
the software revision is current. You may additionally wish to create
specific filtering rules designed to drop or reject packets with certain
combinations of bits set in initial synchronization packets such as SYN/FIN,
and SYN/RST. Do not use routable IP space internally, except
within your DMZ.