nanog mailing list archives
Re: TCP/BGP vulnerability - easier than you think
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Fri, 23 Apr 2004 11:48:43 +0200
On 23-apr-04, at 8:35, Florian Weimer wrote:
So I believe filtering out all BGP RSTs on all edges is probably a good idea.
(Edges and borders.)
The problem is that even if you filter the RST, the state transition occurs at the side which receives the SYN and generates the RST. This means that the connection has been desynchronized and will eventually come down, no further data transfer is possible.
Although it doesn't follow from earlier text, on page 71 RFC 793 states that an in-window SYN should reset an ESTABLISHED session. So you are right. This is very bad.
BTW, anyone seen anything supporting Paul Watson's claim that all it takes to break a session is four packets? I assume he's talking about this vulnerability that was fixed in FreeBSD in 1998: http://ciac.llnl.gov/ciac/bulletins/j-008.shtml
I certainly hope our collective favorite vendors didn't overlook this one.
Current thread:
- Re: TCP/BGP vulnerability - easier than you think, (continued)
- Re: TCP/BGP vulnerability - easier than you think Paul Jakma (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Paul Jakma (Apr 21)
- RE: TCP/BGP vulnerability - easier than you think David Luyer (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Crist Clark (Apr 22)
- Re: TCP/BGP vulnerability - easier than you think John Kristoff (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think E.B. Dreger (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 22)
- Re: TCP/BGP vulnerability - easier than you think Paul Jakma (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think E.B. Dreger (Apr 21)
- Message not available
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 23)
- Message not available
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think Leo Bicknell (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think Petri Helenius (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think Todd Vierling (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think Priscilla Oppenheimer (Apr 26)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 27)
- Re: TCP/BGP vulnerability - easier than you think Priscilla Oppenheimer (Apr 27)
- Re: TCP/BGP vulnerability - easier than you think Simon Leinen (Apr 28)
- Re: TCP/BGP vulnerability - easier than you think Todd Vierling (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Pete Kruckenberg (Apr 21)