Check Point Advisories

Security Best Practice: Adobe Flash Proxy Auto-Discovery DHCP Traffic Inspection

Check Point Reference: SBP-2008-11
Date Published: 2 Oct 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: SmartDefense Research Center
Protection Provided by:
Who is Vulnerable? Microsoft Windows Systems
Vulnerability Description The Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked devices to obtain the parameters necessary for operation in an Internet Protocol network. This protocol reduces system administration workload, allowing devices to be added to the network with little or no manual configuration.
Adobe Flash is a multimedia software that is commonly used to create animation, advertisements, and various web page components.
There is a feature in Flash Player 8 that allows auto discovery of an Edge server on a local network. When the connection is created a broadcast is sent on the DHCP port, the Edge server answers the request and the Flash Player reconnects through the edge server.

The SmartDefense DHCP Protocol Enforcement protection is blocking this kind of pseudo-DHCP traffic by default.
The update enables users to allow such traffic without inspection.
Vulnerability DetailsThe update allows users to configure the DHCP protection: when the "Do not inspect Adobe Flash 8 Proxy Auto-Discovery pseudo DHCP" inner checkbox is selected, this type of packets will not be inspected (as they aren't real DHCP packets). An appropriate log will be issued upon discovery of such traffic (even when allowed) according to the track option.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK