nanog mailing list archives

Re: UDP-TCP-ACK-SYN Attacks

From: "Pete" <crossfire () smsonline net>
Date: Wed, 9 Jun 2004 19:30:49 -0400

IP Permit Lists will not provide any mitigation against this

vulnerability.


The race is on, who will find your switches first?


yes, i often wondered why the permit list allows the session to connect

then

gives you a polite message before disconnecting.

anyway this is only on catos..

Steve


I have been up to my ears in UDP-TCP-ACK-SYN Attacks for a couple of weeks
now. And IP Lists are useless when the attacker base exceeds that of the
router's memory, therefore I agree.

Paul Vixie stated earlier that there were/are some "short on work" Cisco
BGP/Router Engineers here or around this channel. If that is in-fact the
case then I could use some paid help and welcome anyone that wants to strike
out on their own and hang up their own shingle.


Peter
301-340-1533

Current thread:

RE: SSH on the router - was( IT security people sleep well) McBurnett, Jim (Jun 07)
- TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 09)
  - Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 09)
    - Re: UDP-TCP-ACK-SYN Attacks Pete (Jun 09)
  - Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 09)
  - Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev (Jun 09)
    - Re: TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 10)
    - Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 10)
    - Re: TCP-ACK vulnerability (was RE: SSH on the router) James (Jun 10)
    - Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev (Jun 10)
    - Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 11)
    - Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 10)
    - Message not available
    - Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 10)