Host Responded to 4 TCP SYN Probes on Port 24567 from Source Port 53(PCI DSS Cloudflare Resolved)

Godwin Incrisz — Sun, 10 Nov 2024 03:53:18 +0000

Introduction

In the world of PCI DSS compliance, businesses must frequently undergo security scans to identify vulnerabilities and ensure sensitive payment data remains safe. While these scans are critical, they can sometimes produce false positives—alerts that signal issues where there are none due to unique configurations or third-party services.

One common alert businesses encounter is the "TCP Source Port Pass Firewall" warning, which may indicate that a host responded to probes on one source port (usually associated with DNS) but not on others. Let’s explore why this specific alert often results from legitimate traffic routing and how to resolve it confidently.

Understanding the TCP Source Port Pass Firewall Alert

The alert in question might look something like this:

“The host responded 4 times to 4 TCP SYN probes sent to destination port 24567 using source port 53. However, it did not respond at all to 4 TCP SYN probes sent to the same destination port using a random source port.”

Proverbs 3:5-6

In simpler terms, this alert suggests that the firewall is allowing TCP traffic on destination port 24567 when the source port is set to 53 but is blocking the same destination port when accessed from other, random source ports. Automated PCI DSS scans may flag this as a potential vulnerability, suggesting inconsistent firewall behavior that could theoretically allow unauthorized access.

However, this alert is likely a false positive for companies that use Cloudflare or similar CDN (Content Delivery Network) services. Because Cloudflare manages traffic through a secure network using dynamic IPs and customized routing, certain probes may be flagged even though they reflect normal, secure operations. These probes do not reach the internal network but instead reflect Cloudflare’s legitimate traffic handling.

Steps to Resolve This False Positive

If you encounter this type of alert, follow these steps to assess and document it as a false positive:

Check the IP Source: Identify if the flagged IP is part of a CDN or proxy service like Cloudflare. In this case, any responses to probes on port 24567 are likely due to Cloudflare’s security and routing protocols, not a misconfiguration in your network.
Review Firewall and Network Policies: Ensure your firewall settings securely control access to critical ports, like port 53. This will confirm that any unique responses are coming from your CDN rather than an internal vulnerability.
Submit a False Positive Report: Once you’ve documented the details, submit a report to your PCI DSS scanning provider. The report should explain that the alert stems from legitimate Cloudflare traffic and confirm that your network remains PCI-compliant and secure.

Conclusion

Maintaining PCI DSS compliance requires diligence, and that includes correctly identifying and resolving false positives. By understanding common alerts like the TCP Source Port Pass Firewall and documenting them accurately, you can ensure your compliance status remains correct without unnecessary remediation.

For a sample report template that you can send directly to your PCI scanning provider, download the False Positive Report: TCP Source Port Pass Firewall (CVSS Base Score 5.0) document here.

Lloyds Payment Card Integration Using PHP: Cardnet Hosted Payment Page (Connect Solution)

Godwin Incrisz — Tue, 05 Nov 2024 13:05:31 +0000

Introduction

Integrating a secure and reliable payment gateway is essential for e-commerce businesses. Lloyds Bank's Cardnet® Hosted Payment Page solution, Connect, offers a secure way to process transactions. Customers are redirected to a Lloyds-hosted page to complete their transactions and then return to your website. Here’s how you can set it up, integrate it with PHP, and make it a seamless experience for your users.

Features of Lloyds Cardnet Hosted Payment Page

The Hosted Payment Page provided by Lloyds Cardnet has several benefits:

Customization: Personalize the payment page with your business logo and colors.
PCI DSS Compliance: Cardnet handles PCI DSS and 3D Secure compliance.
Real-time Reporting: Access customer analytics 24/7 through Cardnet’s reporting dashboard.

Proverbs 11:1

Setting Up Your Hosted Payment Page

Before diving into the code, it's essential to set up your merchant account with Lloyds Cardnet. Here are the main points to remember:
Merchant Account Creation: Businesses must set up a merchant acquiring an account with Cardnet. This process can take 7-10 working days.
Integration Timeline: Connecting the hosted payment page to a website generally takes 2-4 weeks, depending on the site's complexity.
Funding Time: Funds are typically transferred in 3-5 working days, with a faster 2-day option available for a fee.

Integration Code Walkthrough

In this guide, we'll walk through the PHP code that integrates Lloyds' Hosted Payment Page with your website, ensuring a smooth and secure checkout experience for your customers.

Step 1: Setting Up Basic Configuration

Begin by configuring the essential fields based on your account details and requirements. The following PHP code defines transaction properties such as Store ID, timezone, transaction type, and more.

$storeId = "store_id";            // Unique identifier for your store
$timezone = "Europe/London";        // Timezone setting
$txntype = "sale";                  // Transaction type (e.g., sale)
$chargetotal = "13.00";             // Amount to charge
$currency = "826";                  // ISO 4217 currency code (826 for GBP)
$txndatetime = gmdate("Y:m:d-H:i:s"); // Transaction datetime in UTC
$responseSuccessURL = "https://example.com/success.php"; // Success redirect URL
$responseFailURL = "https://example.com/failure.php";    // Failure redirect URL
$checkoutoption = "combinedpage";   // Checkout option
$hash_algorithm = "HMACSHA256";     // Hashing algorithm for secure transactions

Note:This setup ensures that your transaction is configured according to Lloyds' requirements.

Step 2: Creating the Concatenated String

Next, create a concatenated string from these values. This string will be hashed to maintain security. Here’s how it’s built:

// Concatenate the required fields to create a single string for hashing
$stringToHash = $chargetotal . "|" . $checkoutoption . "|" . $currency . "|" .
    $hash_algorithm . "|" . $responseFailURL . "|" . $responseSuccessURL . "|" .
    $storeId . "|" . $timezone . "|" . $txndatetime . "|" . $txntype;

echo "Concatenated String: " . $stringToHash . "<br>";

Note:The concatenated string is critical for creating a hash that will verify the transaction's integrity.

Step 3: Generating the Hash

To ensure the transaction’s security, use the hash_hmac() function with the SHA-256 algorithm. This generates a hashed version of the concatenated string using your shared secret, which is essential for secure transactions.

// Secret key for hashing (from your secure configuration)
$sharedSecret = "shared_secret"; 

// Generate the hash using SHA-256 algorithm and encode it in base64
$hash = hash_hmac('sha256', $stringToHash, $sharedSecret, true);
$hashOutput = base64_encode($hash);

echo "Generated Hash: " . $hashOutput . "<br>";

Note:This hash will be sent along with your form data to verify that the transaction details haven't been tampered with.

Step 4: Building the HTML Form

Now, create the HTML form that will send this data to Lloyds' payment gateway. This form includes the hashed value (hashExtended) and other transaction details. When the user submits the form, they’ll be directed to the Lloyds-hosted payment page.

<form method="post" action="https://test.ipg-online.com/connect/gateway/processing">
    <p><label for="storename">Store ID:</label>
       <input type="text" name="storename" value="<?php echo $storeId; ?>" /></p>
    <p><label for="timezone">Timezone:</label>
       <input type="text" name="timezone" value="<?php echo $timezone; ?>" /></p>
    <p><label for="txntype">Transaction Type:</label>
       <input type="text" name="txntype" value="<?php echo $txntype; ?>" /></p>
    <p><label for="chargetotal">Transaction Amount:</label>
       <input type="text" name="chargetotal" value="<?php echo $chargetotal; ?>" /></p>
    <p><label for="currency">Currency (ISO4217):</label>
       <input type="text" name="currency" value="<?php echo $currency; ?>" /></p>
    <p><label for="txndatetime">Transaction DateTime:</label>
       <input type="text" name="txndatetime" value="<?php echo $txndatetime; ?>" /></p>
    <p><label for="responseSuccessURL">Response Success URL:</label>
       <input type="text" name="responseSuccessURL" value="<?php echo $responseSuccessURL; ?>" /></p>
    <p><label for="responseFailURL">Response Fail URL:</label>
       <input type="text" name="responseFailURL" value="<?php echo $responseFailURL; ?>" /></p>
    <p><label for="hashExtended">Hash Extended:</label>
       <input type="text" name="hashExtended" value="<?php echo $hashOutput; ?>" readonly="readonly" /></p>
    <p><label for="hash_algorithm">Hash Algorithm:</label>
       <input type="text" name="hash_algorithm" value="<?php echo $hash_algorithm; ?>" readonly="readonly" /></p>
    <p><label for="checkoutoption">Checkout Option:</label>
       <input type="text" name="checkoutoption" value="<?php echo $checkoutoption; ?>" /></p>
    <input type="submit" value="Submit">
</form>

Note:This form is automatically populated with PHP values, ensuring each transaction's details are securely embedded.

Happy coding, and cheers to a successful integration!
Github Link for code

DEV Community: Godwin Incrisz

Host Responded to 4 TCP SYN Probes on Port 24567 from Source Port 53(PCI DSS Cloudflare Resolved)

Introduction

Understanding the TCP Source Port Pass Firewall Alert

Steps to Resolve This False Positive

Conclusion

Lloyds Payment Card Integration Using PHP: Cardnet Hosted Payment Page (Connect Solution)

Introduction

Features of Lloyds Cardnet Hosted Payment Page

Setting Up Your Hosted Payment Page

Integration Code Walkthrough

Step 1: Setting Up Basic Configuration

Step 2: Creating the Concatenated String

Step 3: Generating the Hash

Step 4: Building the HTML Form