nanog mailing list archives
Re: UDP-TCP-ACK-SYN Attacks
From: "Pete" <crossfire () smsonline net>
Date: Wed, 9 Jun 2004 19:30:49 -0400
IP Permit Lists will not provide any mitigation against this
vulnerability.
The race is on, who will find your switches first?

yes, i often wondered why the permit list allows the session to connect then
gives you a polite message before disconnecting. anyway this is only on catos..

Steve

I have been up to my ears in UDP-TCP-ACK-SYN Attacks for a couple of weeks now. And IP Lists are useless when the attacker base exceeds that of the router's memory, therefore I agree.

Paul Vixie stated earlier that there were/are some "short on work" Cisco BGP/Router Engineers here or around this channel. If that is in fact the case then I could use some paid help and welcome anyone that wants to strike out on their own and hang up their own shingle.

Peter
301-340-1533