Penetration test against Quovadx


  • Creator
    Topic
  • #51565
    Anonymous
    Inactive

    Quovadx 5.3 on Windows 2003 SP2

    During a penetration test at the customer’s site, the host running Cloverleaf was also penetrated. The connections between clinic server and Quovadx (inbound and outbound) stopped and had to be restarted manually.

    Is there anything that can be configured to prevent the connections from stopping their work?

    Thanks for any remark/hint. I assume that penetration tests will be done sooner or later at any site taking care of security.

    I append a part of the customer’s email:

    [Start quote:]

    We were scanning Windows and Unix servers using XXXX, which is a vulnerability scanning tool. This scanner first checks for all open ports in the targeted system and identifies which service is running on each of the ports. It then checks the application that is running the service and checks if there is any known vulnerability

  • Author
    Replies
    • #70794
      Kevan Riley
      Participant

      While I am not sure what methods of penetration the testing software that was used performed, I will make a couple of general statements about this, as I understand things.

      Since the typical interface in Cloverleaf is a persistent TCP/IP socket, it will always be vulnerable to IP/MAC address spoofing type connection hijacking attacks. As far as I know there is no way to mitigate this inside the firewall (i.e. inside the “protected LAN”). Once a connection has been hijacked, I would not expect the Cloverleaf connection to be able to recover on its own. Cloverleaf relies on a proper closing of the TCP/IP connection to reset the state to “opening”. If for any reason this closing handshake does not happen, Cloverleaf will usually remain in an “up” state even though the actual connection may not still be viable. Without a transition to “opening” Cloverleaf will not try to reestablish the connection, since it would still “think” it is up.

      The only remedy I know of for this is to monitor “Last Rd” and “Last Wt” times on the threads/connections and if a gap becomes apparent, restart the thread/connection. I do this from cron on our AIX system. There may be other/better ways, but this works well for us for a few connections we have that “die” in abnormal ways on a regular basis.

      I hope this helps.
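
Added example, not part of the original replies and not Cloverleaf code: a sketch of the watchdog logic described in the reply above, flagging threads that report "up" while their last read/write is older than an allowed gap. The status layout, thread names, idle limits and the `restart()` hook are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample: thread name, state, last read, last write ('-' = none yet).
# This layout is an assumption for the example, not Cloverleaf's real status output.
SAMPLE_STATUS = """\
adt_in      up       2024-03-05T10:14:58  2024-03-05T10:14:58
lab_out     up       2024-03-05T08:02:11  2024-03-05T08:02:10
rad_in      opening  2024-03-05T07:00:00  2024-03-05T07:00:00
pharm_out   up       -                    -
"""

# Per-thread idle limits (hypothetical values); quiet interfaces need a longer allowance.
MAX_IDLE = {"adt_in": timedelta(minutes=5), "lab_out": timedelta(minutes=30)}
DEFAULT_MAX_IDLE = timedelta(minutes=15)

def _stamp(field):
    """Parse one timestamp column; '-' means no traffic has been recorded."""
    return None if field == "-" else datetime.fromisoformat(field)

def parse_status(text):
    """Yield (thread, state, last_rd, last_wt) for each non-empty status line."""
    for line in text.splitlines():
        if line.strip():
            name, state, rd, wt = line.split()
            yield name, state, _stamp(rd), _stamp(wt)

def stale_threads(text, now):
    """Return [(thread, idle)] for threads that claim 'up' but have gone quiet."""
    stale = []
    for name, state, rd, wt in parse_status(text):
        if state != "up":
            continue  # an 'opening' thread is already trying to reconnect
        # Simplification: measure from the most recent activity in either direction.
        seen = [t for t in (rd, wt) if t is not None]
        if not seen:
            continue  # never carried traffic, so there is no gap to measure
        idle = now - max(seen)
        if idle > MAX_IDLE.get(name, DEFAULT_MAX_IDLE):
            stale.append((name, idle))
    return stale

def restart(thread):
    """Placeholder hook: call your site's thread stop/start procedure here."""
    print(f"would restart {thread}")

if __name__ == "__main__":
    for thread, idle in stale_threads(SAMPLE_STATUS, datetime(2024, 3, 5, 10, 15, 0)):
        print(f"{thread}: 'up' but idle for {idle}")
        restart(thread)
```

Run from a scheduler, the idle limits should be tuned per interface so that a legitimately quiet feed is not restarted as if it were a dead socket.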

    • #70795
      Vaughn Skinner
      Participant

      You might consider firewalling the Cloverleaf ports so that only the expected IPs can access them. This obviously will not work if the remotes use dynamic addressing, but in many cases firewalling would work and be sufficient.

    • #70796
      Rob Abbott
      Keymaster

      Later releases of Cloverleaf (5.6 and above) are much less vulnerable to penetration tests/attacks.  I suggest you upgrade to a more recent release of the product.

      Rob Abbott
      Cloverleaf Emeritus
