cancel
Showing results for 
Search instead for 
Did you mean: 

PCI compliance with a 2704N

petejohnson77
Newbie
Posts: 3
Registered: ‎22-08-2018

PCI compliance with a 2704N

Hi,

 

We take card payments at our shop and need to comply with PCI.  We are required to run an intrusion test from the PCI organisation and the last two have failed with the following error;

TCP/IP SYN+FIN Packet Filtering Weakness

The remote host does not discard TCP SYN packets that have the FIN flag set.  Depending on the kind of firewall you are using, an attacker may use this flaw to bypass its rules.

The PCI crew say update the firmware but I've checked with Plusnet and 7.275.11_F2704N_Plusnet which we're on is the latest.

 

Any ideas where we might go next?

 

Thanks,

Pete

7 REPLIES
markhawkin
Aspiring Pro
Posts: 263
Thanks: 34
Fixes: 6
Registered: ‎17-07-2016

Re: PCI compliance with a 2704N

It sounds like you need to buy some hardware which meets the configuration requirements of the payment people.

 

Does the payment company have a suggested "package" ?

 

It doesn't seem likely that an ISP's "free" hardware will meet the requirements.

I am the satisfied customer....
petejohnson77
Newbie
Posts: 3
Registered: ‎22-08-2018

Re: PCI compliance with a 2704N

Yeah, I realise that's the most likely outcome here.

The only thing was the PCI support team being fairly sure a firmware upgrade would fix it so thought it worth a shot asking the question.
Community Veteran
Posts: 26,748
Thanks: 962
Fixes: 10
Registered: ‎10-04-2007

Re: PCI compliance with a 2704N

Could the Plusnet firewall configured via connection settings on the portal help with this?

https://www.plus.net/help/broadband/about-plusnets-broadband-firewall/

jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
petejohnson77
Newbie
Posts: 3
Registered: ‎22-08-2018

Re: PCI compliance with a 2704N

Thanks for the updates.

I did have a look for the issue described about SYN packets but I haven't found anything relating to the Plusnet router.
RealAleMadrid
Aspiring Champion
Posts: 878
Thanks: 348
Fixes: 17
Registered: ‎07-07-2009

Re: PCI compliance with a 2704N

The plusnet account level firewall is totally separate from any router firewall but I do not know if it will help in your situation.  You can access it from the member centre...manage account....connection settings....Broadband Firewall

edwardswalker
Newbie
Posts: 1
Registered: Thursday

Re: PCI compliance with a 2704N

Hi Pete,

 

Just a quick one to see if you got this resolved and if so, how exactly?

 

I'm having the same issue with my router for my PCI compliance.

 

Thanks.

Community Gaffer
Community Gaffer
Posts: 13,654
Thanks: 1,290
Fixes: 106
Registered: ‎04-04-2007

Re: PCI compliance with a 2704N

@edwardswalker, I've just pushed an update to your router that should allow it to pass the SYN packet test. Let me know how it goes...

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵