If you've followed security news over the past few days, you've probably seen a lot of hoopla about a TCP split-handshake vulnerability that can affect firewalls and other networking and security devices. Many of the media's articles characterize this complicated TCP connection attack as, "a hacker exploit that lets an attacker trick a firewall and get into an internal network as a trusted IP connection" or as a "hole" in firewalls. I'm not sure that these descriptions properly characterize this vulnerability, and I suspect many administrators may not really understand how this attack works (let alone what it does and doesn't allow an attacker to accomplish). I hope to try and rectify that in this post.

Before I jump into a description of this attack, WatchGuard XTM owners probably want to know if they are vulnerable to this attack.