Firewall Wizards mailing list archives
Re: BGP TCP RST Attacks (was:CIsco PIX vulnerable to TCP RST DOS attacks)
From: Henning Brauer <hb () bsws de>
Date: Thu, 6 May 2004 13:35:06 +0200
* Josh Welch <jwelch () buffalowildwings com> [2004-05-05 18:45]:
> Mikael Olsson said:
> <snip>
>> I still believe that the #1 impact of this vulnerability, as seen in an
>> Internet-wide perspective, is killing BGP sessions in core routers. Do it
>> a few times to trigger route flap detection, and you'll isolate large
>> chunks of the net from each other, or, worst case, from the rest of the
>> Internet.
>
> The advisories I have seen have made this same statement. However,
> according to another list I read there are a number of network operators
> who feel this is not a real threat. A number of them hold that it would be
> excessively challenging to be able to match up the source-ip:source-port
> and dest-ip:dest-port and effectively reset a BGP session without
> generating a large volume of traffic, which should be noticed in and of
> itself.

hilarious. please think about it for a minute:
-one port (179) is known
-the other is to be guessed, which is trivial with cisco equipment
-due to their large window size and extremely poor ISNs, guessing a
 sequence number within the window is also rather easy

large volume of traffic? not at all.

--
Henning Brauer, BS Web Services, http://bsws.de
hb () bsws de - henning () openbsd org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
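
Added example, not part of the original message or thread: a small model that lets an operator put numbers on the traffic-volume argument above, using the classic RFC 793 rule that a RST is accepted anywhere inside the receive window. The window sizes, candidate-port counts and 40-byte segment size are assumptions chosen for illustration, not values given in the thread.

```python
# Added example: models the classic RFC 793 rule under which a RST is accepted
# anywhere inside the receive window, and sizes the resulting guess space.
SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32 bits and wrap around


def rst_in_window(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if a RST with sequence seg_seq lies in [rcv_nxt, rcv_nxt + rcv_wnd),
    compared modulo 2**32 so that windows spanning the wrap point work."""
    return (seg_seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def worst_case_segments(rcv_wnd: int, candidate_ports: int) -> int:
    """Upper bound on spoofed segments needed: one guess per window-sized
    slice of the sequence space, repeated for every candidate source port."""
    if rcv_wnd <= 0 or candidate_ports <= 0:
        raise ValueError("window and port count must be positive")
    slices = -(-SEQ_SPACE // rcv_wnd)  # ceiling division
    return slices * candidate_ports


def worst_case_bytes(rcv_wnd: int, candidate_ports: int, segment_bytes: int = 40) -> int:
    """Same bound in bytes; 40 = bare IPv4 header + TCP header, no options."""
    return worst_case_segments(rcv_wnd, candidate_ports) * segment_bytes


if __name__ == "__main__":
    # Constructed scenarios (assumed values, not measurements from the thread).
    for wnd in (4096, 16384, 65535):
        for ports in (1, 50, 16384):
            mib = worst_case_bytes(wnd, ports) / 2 ** 20
            print(f"window={wnd:>5} ports={ports:>5} "
                  f"segments<={worst_case_segments(wnd, ports):>12,} (~{mib:,.1f} MiB)")
```

The bound shrinks linearly as the receive window grows and as the source port becomes more predictable, which is why both factors matter when judging whether volume-based detection would notice.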