DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Draytek 2820Vn, 2820n and 2830n failing PCI DSS Scan

26 Apr 2016 12:24 #1 by dsimpson1975
Just for information if anyone else has problems with PCI DSS Scans.

I have a number of routers, mainly 2820Vn, 2820n and 2830n, which are failing PCI DSS scans. I have lost count of the number of hours spent trying to solve PCI DSS scan problems with Draytek routers, mainly SIP, SSL and VPN configurations. It would appear there has been an oversight at Draytek regarding the latest firmwares and testing against PCI DSS criteria.

All my routers have been upgraded to the latest firmware, yet they are failing on 2 issues:

Predictable TCP Initial Sequence Numbers Vulnerability
and
PoPToP PPTP Negative read() Argument Remote Buffer Overflow Vulnerability

2820Vn, 2820n firmware version 3.3.7.8
2830n firmware version 3.6.8.4

I'm aware from a previous board message of the 2850 failing on the same issue, and they resolved the problem by reverting back to a previous firmware, found here:
http://www.forum.draytek.co.uk/viewtopic.php?f=2&t=20707&p=85291&hilit=pci+dss#p85291
and I am in the process of testing to see if 3.3.5.2 will pass the PCI DSS scans on the 2820's.

To go through 60+ routers to downgrade is going to be a nightmare and a disruption to our stores. Please, Draytek, can you sort this issue out?

Just to note, it would be a whole lot better from a security point of view if all functions were disabled out of the box.

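A way to sanity-check the "Predictable TCP Initial Sequence Numbers" finding yourself before downgrading firmware, as an added example that is not from this thread or from DrayTek: record the ISN (the sequence number in each SYN-ACK) from a handful of connections to the router in a packet capture, then look at whether the gaps between consecutive ISNs are constant or otherwise easy to guess, which is roughly what the scanner does. The ISN samples and the function names below are constructed for the example.

```python
"""Triage a 'predictable TCP ISN' scanner finding from captured ISNs.

Example code, not from the forum thread. Feed it the 32-bit sequence
numbers taken from successive SYN-ACKs sent by the device under test.
"""
from collections import Counter
import math


def isn_deltas(isns):
    """Differences between consecutive ISNs, wrapping modulo 2^32."""
    return [(b - a) & 0xFFFFFFFF for a, b in zip(isns, isns[1:])]


def delta_entropy_bits(deltas):
    """Shannon entropy of the delta distribution in bits (max log2(n))."""
    n = len(deltas)
    return -sum(c / n * math.log2(c / n) for c in Counter(deltas).values())


def classify_isn_sequence(isns, min_entropy_bits=2.0):
    """Return entropy, the hit rate of the naive 'last ISN + usual delta'
    guess, and a verdict. Low entropy or a high hit rate means an attacker
    who has seen a few ISNs can guess the next one, which is the condition
    the PCI scanner flags."""
    deltas = isn_deltas(isns)
    entropy = delta_entropy_bits(deltas)
    _, hits = Counter(deltas).most_common(1)[0]
    hit_rate = hits / len(deltas)
    verdict = "predictable" if entropy < min_entropy_bits or hit_rate > 0.5 else "random"
    return {"entropy_bits": round(entropy, 2), "best_delta_hit_rate": hit_rate, "verdict": verdict}


# Constructed samples: a fixed-increment ISN generator versus random ISNs.
INCREMENTING_ISNS = [0x1000 + 64000 * i for i in range(8)]
RANDOM_ISNS = [0x3F8A1C2E, 0x9B01D7A0, 0x12C4E8F5, 0x7AD3029C,
               0xC5E7B6D1, 0x0BE9A437, 0xE2F15A08, 0x58C09D6B]

if __name__ == "__main__":
    for name, sample in (("incrementing", INCREMENTING_ISNS), ("random", RANDOM_ISNS)):
        print(name, classify_isn_sequence(sample))
```

If the router's ISNs look random under this check, the scanner's finding is worth querying with the scan vendor as a possible false positive rather than rolling firmware back.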

27 Apr 2016 15:18 #2 by dsimpson1975
Update....

PCI DSS scans pass on the 2820s using firmware 3.3.5.2.

On the 2830s they are passing using firmware 3.6.7, albeit a number of revisions back from the current 3.6.8.4.


04 May 2016 10:39 #3 by admin2
I wonder if it's a false positive, as I don't think that DrayTek use PoPToP on the 2820, 2830.

I'd recommend contacting support before downgrading.
