Cuidado con este ultimo Alfon :

Related by: Abraham Lincoln.


Vulnerable systems:
* Sygate Personal Firewall version 5.0

Test diagram:
[*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps switch===> [Host with SPF]

1] IP Spoofing Vulnerability Default Installation
- SPF is vulnerable with IP Spoofing attack by Scanning the host with a source IP address 127.0.0.1 or network address 127.0.0.0. The Attacker could scan or attack the target host without being detected by the personal firewall. This vulnerability is very serious w/c an attacker could start a Denial of Service attack against the SPF protected host and launch any form of attack.

- To those who wants to try to simulate the vulnerability, you may use source address 127.0.0.1 - 127.0.0.255.

Workaround:
1] Set the SPF to BLOCK ALL mode setting which Abraham does not think the user would do. This type of setting would block everything all incoming request and outgoing.

2] Block source address 127.0.0.1 or 127.0.0.0 network address manually in Advance rules section.