WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
26 May, 2000
NetProwler 3.0 Man-in-the-Middle DoS

NetProwler 3.0 will crash if the Man-in-the-Middle signature encounters a packet for which the following expression evaluates to true:

(IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH

This is not a packet fragmentation problem. It is an issue with specific malformed packets. This problem has been fixed in NetProwler 3.5, and the code has been reviewed for other similar issues.

Additional information is available in the June 1 Advisory

Solutions:

  1. In NetProwler 3.0, disable the Man-in-the-Middle signature for all monitored hosts.
  2. Upgrade to NetProwler 3.5 (to be released in June 2000).


Last modified on: Friday, 13-Apr-2001 06:17:48 PDT
[an error occurred while processing this directive]