nanog mailing list archives
Re: TCP/BGP vulnerability - easier than you think
From: Daniel Roesen <dr () cluenet de>
Date: Wed, 21 Apr 2004 13:27:42 +0200
On Wed, Apr 21, 2004 at 01:23:54PM +0200, Iljitsch van Beijnum wrote:
On Wed, 21 Apr 2004, Daniel Roesen wrote:access-list 123 deny tcp any any eq bgp rst log-input access-list 123 deny tcp any eq bgp any rst log-inputUnfortunately, not all vendors are able to look at the RST bit when filtering...The general ignorance to the fact that SYN works as well is astonishing. :-)What are you talking about?
http://www.uniras.gov.uk/vuls/2004/236929/index.htm First paragraph of the summary: "The issue described in this advisory is the practicability of resetting an established TCP connection by sending suitable TCP packets with the RST (Reset) or SYN (Synchronise) flags set." You can break TCP sessions not only be injecting harmfully crafted RST packets, but also with SYN packets. All talk I see going on is always about harmful RST packets only. Seems like noone realized that the thread is equally intense with SYN packets.
Current thread:
- Re: TCP/BGP vulnerability - easier than you think, (continued)
- Re: TCP/BGP vulnerability - easier than you think Patrick W . Gilmore (Apr 20)
- Re: TCP/BGP vulnerability - easier than you think Rob Thomas (Apr 20)
- Re: TCP/BGP vulnerability - easier than you think Joe Abley (Apr 20)
- RE: TCP/BGP vulnerability - easier than you think David Luyer (Apr 20)
- Re: TCP/BGP vulnerability - easier than you think Adam Rothschild (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think E.B. Dreger (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think E.B. Dreger (Apr 22)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Daniel Roesen (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Daniel Roesen (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Daniel Roesen (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Daniel Roesen (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Paul Jakma (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Paul Jakma (Apr 21)
- RE: TCP/BGP vulnerability - easier than you think David Luyer (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Crist Clark (Apr 22)