nanog mailing list archives
Re: Vendor TCP oops-es (was Re: TCP/BGP vulnerability)
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Wed, 21 Apr 2004 22:09:07 +0200
On 21-apr-04, at 21:18, Todd Vierling wrote:
> [*] I must admit one thing, for instance: This "Advisory" was a problem for NetBSD, but not because its port allocation scheme was crappy. It so happened that NetBSD wasn't properly validating the sequence number to be within the window. "Oops."
You can say that again. I think I found this bug in the FreeBSD source code (where it was fixed). Any info on which of our favorite vendors have the same bug in their code?
If they do, the bad news is that resetting a session may take only a few thousand packets (just 2 assuming all other info such as port numbers is known). The good news is that MD5 should hold up well against the exploit. But filtering BGP RSTs is also a good idea, IMO.
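The in-window test for RST segments that the message above refers to, written out as an added example. It is not code from NetBSD, FreeBSD or any vendor; the struct and function names are hypothetical, with fields named after RFC 793's RCV.NXT and RCV.WND, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical receiver state for one connection (names follow RFC 793). */
struct rcv_state {
    uint32_t rcv_nxt;  /* RCV.NXT: next sequence number expected */
    uint32_t rcv_wnd;  /* RCV.WND: receive window size in bytes */
};

/* RFC 793 acceptability test applied to a zero-length RST segment:
 * accept only if RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, modulo 2^32. */
bool rst_seq_acceptable(const struct rcv_state *s, uint32_t seg_seq)
{
    /* With a closed window only the exact next sequence number is valid. */
    if (s->rcv_wnd == 0)
        return seg_seq == s->rcv_nxt;
    /* Unsigned subtraction wraps, so the comparison stays correct when the
     * window straddles the 2^32 rollover. A plain "seq >= nxt && seq < nxt
     * + wnd" comparison would not. */
    return (uint32_t)(seg_seq - s->rcv_nxt) < s->rcv_wnd;
}

enum rst_action { RST_DROP, RST_TEARDOWN };

/* A stack that skips the check above tears down on any RST matching the
 * address/port 4-tuple; with the check, out-of-window RSTs are dropped. */
enum rst_action handle_rst(const struct rcv_state *s, uint32_t seg_seq)
{
    return rst_seq_acceptable(s, seg_seq) ? RST_TEARDOWN : RST_DROP;
}

int main(void)
{
    /* Constructed state: a 16 KiB window that wraps past 2^32. */
    struct rcv_state s = { 0xFFFFF000u, 0x4000u };
    uint32_t samples[] = { 0xFFFFF000u, 0x00002FFFu, 0x00003000u, 0xFFFFEFFFu };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("RST seq=0x%08X -> %s\n", (unsigned)samples[i],
               handle_rst(&s, samples[i]) == RST_TEARDOWN ? "teardown" : "drop");
    return 0;
}
```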