Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on Experts Report Major Internet Vulnerability

From: dave () farber net
Date: Sat, 22 May 2004 09:00 -0400


...... Forwarded Message .......
From: Joe Touch <touch () ISI EDU>
To: Dave Farber <dave () farber net>
Date: Fri, 21 May 2004 17:03:48 -0700
Subj: Re: [IP] more on Experts Report Major Internet Vulnerability

Hi, Dave,

I got a bit vexed by the lack of information in the IETF's first shot at 
explaining this attack (below), and ended up writing my own version of 
what the problem really is and what the most appropriate solutions might 
be, in case you or IP are interested:

        http://www.ietf.org/internet-drafts/draft-touch-anonsec-00.txt

As with any I-D, this is a draft only, and input is solicited.

Joe

Joe Touch wrote:


See in particular RFC 2385, a nearly 6-year old RFC that describes both 
the attack issues and some ways to secure against it.

Joe

------------------------------------------------------------------------
Joseph D. Touch                              http://www.isi.edu/touch
Director, Postel Center
USC/ISI
Research Assoc. Prof.
USC CS and EE-Systems Depts.


Dave Farber wrote:



Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Tue, 20 Apr 2004 13:53:43 -0700
From: Richard Willey <richard_willey () symantec com>
Subject: Re: [IP] Experts Report Major Internet Vulnerability
To: dave () farber net

Hi Dave

This email seems un-necessarily alarmist:  The vulnerability in question
has to do with reseting TCP connections, NOT computers.
The principles behind that attack have been known for years.  The main
contribution of the author is noting that BGP is particularly vulnerable
to this attack based on the long-lived nature of the applications TCP
connections.

There is a good write-up available at
http://www.uniras.gov.uk/vuls/2004/236929/index.htm that documents
precisely what is being discussed right here.
This writeup also notes some relatively easy work arrounds including

(A) Using IPSEC
(B) Reducing the size of the TCP Windows

Furthermore, the author notes that the TCP MD5 signature option is 
also an
effective worrk arorund.

Regards

Richard



Richard Willey

Strategic Marketing


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: