Predictable TCP sequences generated by Security Gateway in R80.20 / R80.30

Acaban de soltarlo desde checkpoint … toca actualizar (de nuevo). «Since R80.20, predictable TCP sequences are generated (in some cases) by the Security Gateway as a result of a functionality bug.»

Symptoms

Predictable TCP sequences are generated by the Security Gateway.

Cause

Since R80.20, predictable TCP sequences are generated (in some cases) by the Security Gateway as a result of a functionality bug.

It might happen when using the following blades/protections (for example):

HTTPS inspection for HTTPS connections
‘Header spoofing’ IPS protection
User web portals on Security Gateway

Since in most of the cases these type of connections are encrypted, attacker can use it only to create spoof reset and not session hijack.

If succeed, it can cause disconnections of specific connection.

Solution

This problem was fixed. The fix is included in:

Jumbo Hotfix Accumulator for R80.30 (since Take_135)
Jumbo Hotfix Accumulator for R80.20 (since Take_134)