NetScreen Information for VU#539363

State-based firewalls fail to effectively manage session table resource exhaustion



Vendor Statement

NetScreen has studied the issues raised in this vulnerability alert. With proper configuration of their firewalls, customers can virtually eliminate the impact of any of the proposed DoS attacks. Specifically, customers are strongly advised to utilize NetScreen's SYN Flood protection and UDP rate limiter. On some platforms, default timeout parameters might need to be changed in order to have a more consistent response to these attacks. Please refer to NetScreen's support site for more information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



Netscreen has published NetScreen Security Alert 52020 to address this issue; for more information, please see