nanog mailing list archives
Re: tcp,guardent,bellovin
From: Jim Duncan <jnduncan () cisco com>
Date: Mon, 12 Mar 2001 22:35:37 -0500
Rafi Sadowsky writes:
No eavesdropping at all ? how can a TCP connection be hijacked if you're not on the connection path? (Or capable of diverting the connection past you - breaking routers/source_routing/<whatever>.... )
The attacker merely has to get his data into the TCP stream on the victim host. No return traffic necessary. This means the attacker can be _outside_ the victim's network if source address forgery isn't prevented. This is _not_ new; same attack Mitnick used on Shimomura. If you're on the path, you certainly don't need to guess the TCP ISN to hijack a connection. This isn't new, either. :-) By the way, Cisco stuff that has the fix we advertised in the security advisory a couple of weeks ago is *NOT* vulnerable to the attack announced by Guardent. The older stuff in IOS is not vulnerable either, but some of our other products _are_ vulnerable. Of course, we already announced that at http://www.cisco.com/warp/public/707/advisory.html . I'll be along with a more official announcement, but I figured I'd mention it here, too. Jim -- Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc. <http://www.cisco.com/warp/public/707/sec_incident_response.shtml> E-mail: <jnduncan () cisco com> Phone(Direct/FAX): +1 919 392 6209
Current thread:
- tcp,guardent,bellovin Chris Beggy (Mar 12)
- <Possible follow-ups>
- Re: tcp,guardent,bellovin Steven M. Bellovin (Mar 12)
- Re: tcp,guardent,bellovin Rafi Sadowsky (Mar 12)
- Re: tcp,guardent,bellovin bert hubert (Mar 12)
- Re: tcp,guardent,bellovin Scott Francis (Mar 12)
- Re: tcp,guardent,bellovin Steven M. Bellovin (Mar 12)
- Re: tcp,guardent,bellovin Rafi Sadowsky (Mar 12)
- Re: tcp,guardent,bellovin Jim Duncan (Mar 12)
- Re: tcp,guardent,bellovin Rafi Sadowsky (Mar 12)
- Re: tcp,guardent,bellovin Richard A. Steenbergen (Mar 12)
- Re: tcp,guardent,bellovin bert hubert (Mar 12)
- Re: tcp,guardent,bellovin Valdis . Kletnieks (Mar 12)
- Re: tcp,guardent,bellovin Steven M. Bellovin (Mar 12)