PT-2005-4527 · Cisco · Cisco Pix

Jeff S Havrilla · Published 2005-11-23 · Updated 2018-10-19 · CVE-2005-3774

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Cisco PIX versions 6.3 through 7.0

Description

The issue allows remote attackers to cause a denial of service by blocking new connections via spoofed TCP packets. This can be achieved by sending SYN packets with invalid checksums, which do not result in a RST, or by sending one byte of "meaningless data" from an external interface, or by using a TTL that is one less than needed to reach the internal destination.

Recommendations

For Cisco PIX versions 6.3 through 7.0, consider implementing firewall rules to filter out spoofed TCP packets and restrict access to the external interface to minimize the risk of exploitation. Additionally, monitor network traffic for signs of spoofed packets and adjust TTL settings to prevent packets with insufficient TTL from reaching the internal destination.


Related identifiers

CVE-2005-3774

Affected products

Cisco Pix