Network Service Malformed Data Remote DoS

Support for security such as Firewalls and securing linux
mehmetmirac
Posts: 11
Joined: 2022/03/31 06:37:43

Network Service Malformed Data Remote DoS

Post by mehmetmirac » 2022/09/29 07:00:18

Hi expert :)

As a result of Nessus scans, we noticed that this vulnerability was reported on our servers: https://www.tenable.com/plugins/nessus/17296

Interestingly, it appears on some of our server tiers but not on others. I wanted to do research on this vulnerability, but I couldn't find much information on the internet.

We tried some methods to fix this problem. One of them was adding a rule to the mangle table. We examined the iptables procedure and saw that this method is used in many places to take precautions against DoS attacks. We added it as an iptables rule on our own server and looked at the results we got.

Added Rule

Code:

# Block Invalid Packets
iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
# This rule blocks all packets that are not a SYN packet and don't belong to an established TCP connection.

# Block New Packets That Are Not SYN
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
But that didn't work either. While some of our servers no longer showed the error, on others it was seen again.

What could be the reason for this error? How is it resolved? I need such ideas. Thanks in advance for the answers :)
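One way to check whether either of the two rules above ever matched traffic during a scan is to read its packet counter from `iptables-save -c` before and after the scan. This is an added example, not part of the original post: the function name `rule_hits` and the sample counters are constructed, and it assumes the usual `iptables-save` rendering, which prints `! --syn` in its expanded `--tcp-flags` form.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c -t mangle` output (not from the thread).
# Note that iptables-save writes `! --syn` as `-m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN`,
# so searching the saved rules for "--syn" finds nothing.
SAMPLE='*mangle
:PREROUTING ACCEPT [48211:39102277]
[17:1020] -A PREROUTING -m conntrack --ctstate INVALID -j DROP
[0:0] -A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
COMMIT'

# rule_hits NAME: read `iptables-save -c` output on stdin and print the packet
# counter of the named rule, or "absent" if the rule is not loaded.
# NAME is "invalid" or "new-not-syn" (hypothetical labels for the two rules).
rule_hits() {
    case "$1" in
        invalid)
            pat='-A PREROUTING -m conntrack --ctstate INVALID -j DROP' ;;
        new-not-syn)
            pat='-A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP' ;;
        *)
            echo "unknown rule: $1" >&2; return 2 ;;
    esac
    awk -v pat="$pat" '
        # Counted rule lines start with [packets:bytes], followed by the rule text.
        /^\[[0-9]+:[0-9]+\] / {
            rule = substr($0, index($0, "] ") + 2)
            if (rule == pat) {
                split(substr($1, 2), c, ":")   # "17:1020]" -> c[1] = "17"
                print c[1]; found = 1; exit
            }
        }
        END { if (!found) print "absent" }
    '
}

# Live use (as root): iptables-save -c -t mangle | rule_hits invalid
```

A counter that does not move between the start and end of a scan means the rule never matched the scanner's packets.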

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Network Service Malformed Data Remote DoS

Post by TrevorH » 2022/09/29 09:40:23

I'd be pretty sure that is a false positive detection. The Nessus page you linked to says this is CVE-1999-1196, so it's an over-20-year-old CVE. The product it's listed against in the CVE database is Hummingbird Exceed, which is or was an X Windows implementation for Microsoft Windows. The chances of you having that package installed on a Linux server are slim to non-existent.

https://nvd.nist.gov/vuln/detail/CVE-1999-1196

mehmetmirac
Posts: 11
Joined: 2022/03/31 06:37:43

Re: Network Service Malformed Data Remote DoS

Post by mehmetmirac » 2022/09/29 11:01:44

Thanks for the information :)
