Hi!
Reading through security blogs I found a rather interesting article regarding current generation firewalls. Since ROS is equipped with stateful firewall it may be also vulnerable.
Article is published at http://www.cynet.com/blog/, but looking at the link it may change so I made a screenshot: http://i.imgur.com/WN98i5F.png
Could someone from MikroTik comment on that?
maybe a regexp on a L7 filter can catch it??
in theory when a connection is blocked the syn does not even pass??
i think only affect next gen utm firewall who perform app id off course when connections are allowed
Of course when you have an IP Firewall rule that blocks establishment of TCP sessions to some specific port (or to all ports except some specific ones), you are not vulnerable to such attacks.
I have not seen a firewall that works like the one they describe (that allows all connections initially), but maybe they exist.
Maybe they are factory-default setups that a normal operator would always modify.
