Interesting People mailing list archives
more on Experts Report Major Internet Vulnerability
From: Dave Farber <dave () farber net>
Date: Tue, 20 Apr 2004 17:11:58 -0400
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Tue, 20 Apr 2004 13:53:43 -0700 From: Richard Willey <richard_willey () symantec com> Subject: Re: [IP] Experts Report Major Internet Vulnerability To: dave () farber net Hi Dave This email seems un-necessarily alarmist: The vulnerability in question has to do with reseting TCP connections, NOT computers. The principles behind that attack have been known for years. The main contribution of the author is noting that BGP is particularly vulnerable to this attack based on the long-lived nature of the applications TCP connections. There is a good write-up available at http://www.uniras.gov.uk/vuls/2004/236929/index.htm that documents precisely what is being discussed right here. This writeup also notes some relatively easy work arrounds including (A) Using IPSEC (B) Reducing the size of the TCP Windows Furthermore, the author notes that the TCP MD5 signature option is also an effective worrk arorund. Regards Richard Richard Willey Strategic Marketing Symantec Corporation Office: (408) 517-7740 Interoffice: 6 [408] 7740 Mobile: (408) 410-7112 : Hail Ants ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Experts Report Major Internet Vulnerability Dave Farber (Apr 20)