cancel
Showing results for 
Search instead for 
Did you mean: 

PCI compliance with a 2704N

petejohnson77
Newbie
Posts: 3
Registered: ‎22-08-2018

PCI compliance with a 2704N

Hi,

 

We take card payments at our shop and need to comply with PCI.  We are required to run an intrusion test from the PCI organisation and the last two have failed with the following error;

TCP/IP SYN+FIN Packet Filtering Weakness

The remote host does not discard TCP SYN packets that have the FIN flag set.  Depending on the kind of firewall you are using, an attacker may use this flaw to bypass its rules.

The PCI crew say update the firmware but I've checked with Plusnet and 7.275.11_F2704N_Plusnet which we're on is the latest.

 

Any ideas where we might go next?

 

Thanks,

Pete

48 REPLIES 48
markhawkin
Pro
Posts: 552
Thanks: 121
Fixes: 11
Registered: ‎17-07-2016

Re: PCI compliance with a 2704N

It sounds like you need to buy some hardware which meets the configuration requirements of the payment people.

 

Does the payment company have a suggested "package" ?

 

It doesn't seem likely that an ISP's "free" hardware will meet the requirements.

I am the satisfied customer....
petejohnson77
Newbie
Posts: 3
Registered: ‎22-08-2018

Re: PCI compliance with a 2704N

Yeah, I realise that's the most likely outcome here.

The only thing was the PCI support team being fairly sure a firmware upgrade would fix it so thought it worth a shot asking the question.
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: PCI compliance with a 2704N

Could the Plusnet firewall configured via connection settings on the portal help with this?

https://www.plus.net/help/broadband/about-plusnets-broadband-firewall/

jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
petejohnson77
Newbie
Posts: 3
Registered: ‎22-08-2018

Re: PCI compliance with a 2704N

Thanks for the updates.

I did have a look for the issue described about SYN packets but I haven't found anything relating to the Plusnet router.
RealAleMadrid
Aspiring Hero
Posts: 2,713
Thanks: 1,395
Fixes: 59
Registered: ‎07-07-2009

Re: PCI compliance with a 2704N

The plusnet account level firewall is totally separate from any router firewall but I do not know if it will help in your situation.  You can access it from the member centre...manage account....connection settings....Broadband Firewall

edwardswalker
Newbie
Posts: 2
Registered: ‎10-01-2019

Re: PCI compliance with a 2704N

Hi Pete,

 

Just a quick one to see if you got this resolved and if so, how exactly?

 

I'm having the same issue with my router for my PCI compliance.

 

Thanks.

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: PCI compliance with a 2704N

@edwardswalker, I've just pushed an update to your router that should allow it to pass the SYN packet test. Let me know how it goes...

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

edwardswalker
Newbie
Posts: 2
Registered: ‎10-01-2019

Re: PCI compliance with a 2704N

Hi Bob,

 

I've just ran a re-test and unfortunately its failed again. I forgot to mention it before, but our router is a plusnet one hub. not the 2704N - would this make a difference?

 

I spoke to our compliance company earlier this week and they suggested that if the router could not be updated then in situations like these before, they would be willing to accept a "screenshot" of some sort which proves that my router is currently using the most up to date Firmware - is this something you could provide?

 

Once I have this, I can show this to my provider and they can approve my compliance.

 

Many thanks for your help.

 

Pete

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: PCI compliance with a 2704N

I must be looking at the wrong account then Pete, as there's only a Hub Zero associated with the account username in your forum profile.

I'm not aware of Hub One's failing these sorts of PCI scans so would be interested in seeing the output so I can raise it with the vendor. Is this something you'd be able to provide?

If you private message me with the serial number, MAC address of the router and your account username then I'll make sure you're on the latest available build.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Casaitalia2
Newbie
Posts: 4
Registered: ‎26-02-2019

Re: PCI compliance with a 2704N

Hi Bob,

We are having the same PCI compliance issue.

The PlusNet customer service team say they cant help.

Do you have a solution?

 

Thanks

Andrea

 

 

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: PCI compliance with a 2704N

Hi Andrea, what router do you have?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Casaitalia2
Newbie
Posts: 4
Registered: ‎26-02-2019

Re: PCI compliance with a 2704N

Hi Bob,

Its a Sagemcom 2704N.

Thanks for the prompt response.

Andrea

 

 

Rmontrose
Newbie
Posts: 1
Registered: ‎05-03-2019

Re: PCI compliance with a 2704N

Also having the same issue.  Where can I download the latest firmware to try that ?  (also Sagemcom 2704N)

 

Thanks

 

 

lingtallwill
Hooked
Posts: 5
Registered: ‎15-03-2019

Re: PCI compliance with a 2704N

I've just contacted Plusnet support to get a latest firmware and have been told NONE of your Modem/Routers are PCI compliant.

Can you confirm? - i have in an email from support.

We use them as modems, and put a proper firewall in the dmz but are failing with the SYN packet test on the older 2704N series.

can you send firmware or advise please.