mailing list archives
Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability
From: Te Smith <tsmith () zonelabs com>
Date: 17 Oct 2002 01:45:03 -0000
In-Reply-To: <20021016144639.56762.qmail () mail com>
We have been unable to reproduce NSSI’s findings using the information
they supplied. We communicated our inability to verify the test results
to NSSI and continue to test possible scenarios.
1) The alleged behavior does not represent a security vulnerability.
NSSI only alleges that under very limited circumstances involving a very
heavy SYN flood with spoofed packets, a PC protected by ZoneAlarm Pro
might slow down.
2) None of the alleged behavior would put user data at risk.
3) None of the alleged behavior would cause the protected PC to crash.
4) This attack scenario is unrealistic because according to NSSI, it
requires that the attack comes from within a LAN behind a “10/100mbps
switch”. According to NSSI’s report, once the attack stops, the PC
functions normally once again. Under almost all circumstances, a common
Internet connection (dial-up, cable or DSL connection) does not have
enough bandwidth to trigger this inconvenience. We did find some slow-down
on very fast networks and will address these issues in our next product
5) Our tests show that ZoneAlarm and ZoneAlarm Pro actually reduce
the vulnerability to most DoS attacks significantly because our products
prevent Windows from responding to this illegitimate traffic.
6) Neither ZoneAlarm nor ZoneAlarm Pro are designed to protect server
platforms. The following supported platform list applies to both
ZoneAlarm and ZoneAlarm Pro:
We appreciate NSSI’s efforts to track this issue and are looking forward
to working with them as we have in the past.
Director, Corporate Communications
tsmith () zonelabs com
- Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability Te Smith (Oct 17)