Full Disclosure mailing list archives

Re: Vulnerability in TCP


From: Valdis.Kletnieks () vt edu
Date: Fri, 25 Jun 2010 21:14:08 -0400

On Fri, 25 Jun 2010 14:49:00 EDT, musnt live said:
> TCP is called Transmission Control Protocol and it can be with easily
> testing spoofed.

Only if the vendor is Doing It Very Wrong.

RFC1948 Defending Against Sequence Number Attacks. S. Bellovin. May 1996.
     (Format: TXT=13074 bytes) (Status: INFORMATIONAL)

A few years later, Michal Zalewski wrote a paper about it:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.96.9652&rep=rep1&type=pdf

And a year after that, a follow-up:
http://www.packetstormsecurity.org/papers/protocols/newtcp.htm

The problem was known for a long time before that:
R.T. Morris, "A Weakness in the 4.2BSD UNIX TCP/IP Software",
CSTR 117, 1985, AT&T Bell Laboratories, Murray Hill, NJ.
http://pdos.csail.mit.edu/~rtm/papers/117-abstract.html

Any vendor still botching it in 2010 deserves to be mocked mercilessly.
