A customer has a dedicated Internet connection for their point of sale debit machine. In order to pass PCI compliance they have to have their network scanned by a third party.
https://www.pcicomplianceguide.org/faq/ . It's basically a NESSUS scan. The AIRSTATION_HIGHPOWER_N300_DD-WRT with the most recent firmware failed that test. From the report...
The remote host seems to generate Initial Sequence Numbers (ISN) in a weak
manner which seems to solely depend on the source and dest port of the TCP
packets.
http://seclists.org/bugtraq/2002/Aug/60
http://securityresponse.symantec.com/avcenter/security/Content/2002.08.05.html
This is a bug that goes way back to 2002 that should have been patched with kernel V 2.4. Any suggestions or alternative FW that we could try? I did download the latest DD-WRT FW but it would not load from the web interface and I don't wish to brick the unit.
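An added example, not part of the original post and not DD-WRT or Nessus code: one way to check the scanner's finding against ISNs you have captured from the router's SYN-ACK replies to your own test connections. The function names and the sample data are constructed for illustration; the "timed" sample follows the RFC 6528 form of a 4 microsecond timer plus a hash of the connection tuple.

```python
"""Check captured SYN-ACK ISNs for dependence on the port pair alone."""
import hashlib
from collections import defaultdict


def classify(samples, min_pairs=3):
    """samples: iterable of (src_port, dst_port, isn) from the device's SYN-ACKs.
    Returns (verdict, repeated_pairs, constant_pairs)."""
    by_pair = defaultdict(list)
    for sport, dport, isn in samples:
        by_pair[(sport, dport)].append(isn & 0xFFFFFFFF)
    # Only port pairs seen more than once can show whether the ISN repeats.
    repeated = {p: v for p, v in by_pair.items() if len(v) >= 2}
    constant = [p for p, v in repeated.items() if len(set(v)) == 1]
    if len(repeated) < min_pairs:
        verdict = "insufficient-data"
    elif len(constant) == len(repeated):
        # Same ISN every time for a pair; a single value across all pairs
        # would mean a fixed ISN rather than a port-derived one.
        distinct = {v[0] for v in repeated.values()}
        verdict = "port-only" if len(distinct) > 1 else "fixed"
    elif constant:
        verdict = "partly-constant"
    else:
        verdict = "varies"
    return verdict, len(repeated), len(constant)


def _port_hash(sport, dport):
    # Constructed stand-in for whatever per-tuple function a stack uses.
    digest = hashlib.sha256(f"{sport}:{dport}".encode()).digest()
    return int.from_bytes(digest[:4], "big")


def weak_samples():
    """Constructed data: ISN is a pure function of the two ports."""
    return [(sp, 443, _port_hash(sp, 443))
            for sp in (40000, 40001, 40002) for _ in range(3)]


def timed_samples():
    """Constructed data: 4 microsecond timer added to the per-tuple value."""
    out = []
    for i, sp in enumerate((40000, 40001, 40002) * 3):
        t_us = 1_000_000 * (i + 1)  # one connection per second
        out.append((sp, 443, (t_us // 4 + _port_hash(sp, 443)) % 2**32))
    return out


if __name__ == "__main__":
    print("weak :", classify(weak_samples()))
    print("timed:", classify(timed_samples()))
```

A "port-only" verdict means repeated connections from the same source port to the same destination port received the same ISN each time, which is the behaviour the report describes.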