Dell SonicWALL Notice Concerning FireStorm Vulnerability
A security flaw code-named FireStorm was recently identified that could potentially leave many next-generation firewalls vulnerable. During an internal review, Dell SonicWALL discovered that our firewalls allow SYN packets that carry data.

Dell SonicWALL firewalls have full SPI (stateful packet inspection) capabilities, and most customers define the IP address and port number in their access rules first. This method has no vulnerability. Where a traffic pattern, rather than an IP address and port number, is used to block a connection, a FireStorm-type attack can bypass the traffic identification engine by sending SYN packets with data.

Dell SonicWALL has since added a new SonicOS feature that blocks TCP SYN packets carrying data (“TCP SYN packet with data blocking”). The new option is on the Firewall Settings > Flood Protection screen in the SonicOS management interface. This capability requires a new SonicOS hotfix build (see below).
Dell SonicWALL Firewalls
TZ, NSA, E-Class NSA, SuperMassive
All versions prior to SonicOS 5.9
All versions prior to SonicOS 6.2
Upgrade 220.127.116.11-16o—HF168014-1o (or newer)
Upgrade 18.104.22.168-24n--HF168014-1n (or newer)
BugSec Group and Cynet
The latest hotfix versions are available from Dell Technical Support. Please contact Dell Technical Support if you experience any issues applying this security update.
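The condition this notice describes, a SYN packet that carries data, can be checked for in captured traffic. The following is an added example, not Dell SonicWALL code: it parses a raw IPv4 packet and reports how many payload bytes an initial SYN carries. The function names, the `build` helper and the sample packets are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def syn_payload_len(pkt: bytes) -> int:
    """Payload bytes carried by an initial SYN (SYN set, ACK clear); 0 otherwise."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return 0                                  # not IPv4 (IPv6 not handled here)
    ihl = (pkt[0] & 0x0F) * 4                     # IP header length in bytes
    total_len, = struct.unpack("!H", pkt[2:4])
    frag, = struct.unpack("!H", pkt[6:8])
    if pkt[9] != 6 or ihl < 20 or frag & 0x3FFF:
        return 0                                  # not TCP, bad IHL, or a fragment
    if total_len > len(pkt) or total_len < ihl + 20:
        return 0                                  # truncated capture or no full TCP header
    tcp = pkt[ihl:total_len]
    data_off = (tcp[12] >> 4) * 4                 # TCP header length incl. options
    if data_off < 20 or data_off > len(tcp):
        return 0
    flags = tcp[13]
    if flags & SYN and not flags & ACK:
        return len(tcp) - data_off                # anything past the header is data
    return 0

def build(flags: int, payload: bytes = b"", options: bytes = b"") -> bytes:
    """Constructed IPv4/TCP packet for the demo (documentation addresses, zero checksums)."""
    doff = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, doff << 4, flags,
                      65535, 0, 0) + options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp

MSS = b"\x02\x04\x05\xb4"                          # MSS option, 4 bytes
SAMPLES = {                                        # constructed sample packets
    "plain SYN": build(SYN, options=MSS),
    "SYN with data": build(SYN, b"GET / HTTP/1.1\r\n", MSS),
    "SYN-ACK": build(SYN | ACK, options=MSS),
    "ACK with data": build(ACK | 0x08, b"GET / HTTP/1.1\r\n"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        n = syn_payload_len(pkt)
        print(f"{name:14} -> {'FLAG' if n else 'ok'} ({n} payload bytes)")
```

TCP Fast Open (RFC 7413) legitimately places data in the SYN, so a non-zero result on networks that use it calls for review before the blocking option is enabled.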