Firewall Wizards mailing list archives

RE: BGP TCP RST Attacks (was:CIsco PIX vulnerable to TCP RST DOS attacks)


From: Gwendolynn ferch Elydyr <gwen () reptiles org>
Date: Wed, 5 May 2004 13:12:51 -0400 (EDT)

On Wed, 5 May 2004, Josh Welch wrote:
> The advisories I have seen have made this same statement. However, according
> to another list I read there are a number of network operators who feel this
> is not a real threat. A number of them hold that it would be excessively
> challenging to be able to match up the source-ip:source-port and
> dest-ip:dest-port and effectively reset a BGP session without generating a
> large volume of traffic, which should be noticed in and of itself. So, I am
> wondering what people have been seeing, anyone yet seen evidence of an
> attempt to exploit this?

Well - in that case, you'd be depending on how truly random the
source_ip:source_port and dest_ip:dest_port combinations are.  We already
know that three of these pieces of information aren't hard to obtain.

cheers!
==========================================================================
A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

