Firewall Wizards mailing list archives
RE: BGP TCP RST Attacks (was:CIsco PIX vulnerable to TCP RST DOS attacks)
From: MHawkins () TULLIB COM
Date: Thu, 6 May 2004 11:09:00 -0400
It took one of our junior engineers about half an hour to call our four ISPs and organize a night time change to our four Internet routers to use an MD5 hash for BGP peering. Half an hour to organize plus half an hour to make the changes. Time well spent for a little peace of mind.

Mike H

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Henning Brauer
Sent: Thursday, May 06, 2004 7:35 AM
To: Josh Welch
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] BGP TCP RST Attacks (was:CIsco PIX vulnerable to TCP RST DOS attacks)

* Josh Welch <jwelch () buffalowildwings com> [2004-05-05 18:45]:
> Mikael Olsson said:
> <snip>
> > I still believe that the #1 impact of this vulnerability, as seen in an
> > Internet-wide perspective, is killing BGP sessions in core routers. Do it
> > a few times to trigger route flap detection, and you'll isolate large
> > chunks of the net from each other, or, worst case, from the rest of the
> > Internet.
>
> The advisories I have seen have made this same statement. However,
> according to another list I read there are a number of network operators
> who feel this is not a real threat. A number of them hold that it would be
> excessively challenging to be able to match up the source-ip:source-port
> and dest-ip:dest-port and effectively reset a BGP session without
> generating a large volume of traffic, which should be noticed in and of
> itself.

hilarious. please think about it for a minute:

- one port (179) is known
- the other is to be guessed, which is trivial with cisco equipment
- due to their large window size and extremely poor ISNs, guessing a sequence number within the window is also rather easy

large volume of traffic? not at all.

--
Henning Brauer, BS Web Services, http://bsws.de
hb () bsws de - henning () openbsd org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
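The receiver-side decision the two sides of this thread argue about, as an added example that is not code from the thread or from any router vendor: a model of the RFC 793 in-window RST test and of the RFC 2385 TCP MD5 signature check that the peering change Mike describes turns on. The addresses, ports, window and key are constructed, and the sweep count is the work factor a defender would quote when sizing the risk.

```python
import hashlib
import hmac
import struct
from ipaddress import ip_address

TCP_MD5_OPT = 19  # RFC 2385 option kind; option length 18 = kind, len, 16-byte digest

def rst_in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 test: a RST is acted on only if its SEQ lies in the receive window."""
    return (seq - rcv_nxt) % 2**32 < rcv_wnd

def blind_rsts_to_sweep(rcv_wnd):
    """Blind RSTs needed to cover the 32-bit sequence space once, one per window."""
    return -(-2**32 // rcv_wnd)

def tcp_md5_digest(src_ip, dst_ip, tcp_hdr, opt_len, payload, key):
    """RFC 2385 digest over pseudo-header, 20-byte header (checksum zeroed), data, key."""
    seg_len = len(tcp_hdr) + opt_len + len(payload)
    pseudo = ip_address(src_ip).packed + ip_address(dst_ip).packed + struct.pack('!BBH', 0, 6, seg_len)
    return hashlib.md5(pseudo + tcp_hdr[:16] + b'\0\0' + tcp_hdr[18:] + payload + key).digest()

def make_rst(src_ip, dst_ip, sport, dport, seq, key=None):
    """Constructed RST; with a key it carries the MD5 option padded to 20 bytes with NOPs."""
    hdr = struct.pack('!HHIIBBHHH', sport, dport, seq, 0, (5 if key is None else 10) << 4, 0x04, 0, 0, 0)
    if key is None:
        return hdr
    return hdr + bytes([TCP_MD5_OPT, 18]) + tcp_md5_digest(src_ip, dst_ip, hdr, 20, b'', key) + b'\1\1'

def accept_rst(segment, src_ip, dst_ip, rcv_nxt, rcv_wnd, key=None):
    """Receiver decision: in-window, and carrying a valid digest when the session is keyed."""
    _, _, seq, _, offset, flags, _, _, _ = struct.unpack('!HHIIBBHHH', segment[:20])
    if not flags & 0x04 or not rst_in_window(seq, rcv_nxt, rcv_wnd):
        return False
    if key is None:
        return True  # unkeyed session: any in-window guess tears the session down
    hdr_len = (offset >> 4) * 4
    opts, payload, i = segment[20:hdr_len], segment[hdr_len:], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:  # NOP
            i += 1
            continue
        if kind == TCP_MD5_OPT and opts[i + 1] == 18:
            expected = tcp_md5_digest(src_ip, dst_ip, segment[:20], len(opts), payload, key)
            return hmac.compare_digest(opts[i + 2:i + 18], expected)
        i += opts[i + 1]
    return False  # keyed session, no (or bad) digest: segment silently dropped
```

With a 16 KB window the unkeyed sweep is 262144 segments, which is why Henning calls the volume small; with the key configured the same in-window RST is dropped unless its digest verifies.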