nanog mailing list archives
Re: TCP-ACK vulnerability (was RE: SSH on the router)
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Fri, 11 Jun 2004 18:06:20 +0100 (BST)
Private addressing/non routing of the netblock is only of limited use. I assume here the block is in the IGP.. the more customers/networks you serve the more chance of an attack coming from within.

Steve

On Thu, 10 Jun 2004, Alexei Roudnev wrote:
> Do you have any (even minimal) need to allocate a globally routable IP to the VLAN1 interface? Other thing is that, even if I can find your switch, I will not have any minimal idea that it is _your_ switch, and any minimal need to break it. You could (easily) have allocated all switch and router loopback IPs in a private network many years ago, and filtered out this network on all inbound interfaces. Even if I (if I were a hacker) scan your networks and find this switch (and you did not move it out of routable IP), I will not have any idea what it is about, where this switch is, and will have no reason to break it...
>
> ----- Original Message -----
> From: "Sean Donelan" <sean () donelan com>
> To: <nanog () merit edu>
> Sent: Thursday, June 10, 2004 4:19 AM
> Subject: Re: TCP-ACK vulnerability (was RE: SSH on the router)
>
> > On Wed, 9 Jun 2004, Alexei Roudnev wrote:
> >
> > > This is a minor exploit - usually you set up the VLAN1 interface with an IP address, which is filtered out from outside. Moreover, there is not any good way to find the switch IP - it is transparent for users' devices.
> >
> > Yeah, port scanners are so rare on the Internet they'll never find your IP address. It's not as if the switches have an easy to detect banner signature, and everyone uses out-of-band management for all their network equipment.
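The exchange above turns on two points: Alexei's position that loopback and VLAN1 addresses belong in a private block that is filtered on every inbound interface, and Stephen's caveat that once that block is carried in the IGP, any customer or network inside the filter perimeter can still reach it, so the more interfaces you have the more likely one is left unfiltered. The following is an added example, not code from the thread or from any of its participants: a small evaluator for Cisco-style extended ACLs that reports which inbound interfaces actually deny traffic to the management block. The management prefix, interface names, ACL lines and source addresses are all constructed for the illustration.

```python
"""Added example (not from the NANOG thread): check whether a management
netblock is really filtered on every inbound interface of a router.
All addresses, interface names and ACL text below are constructed."""

import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed: where router/switch loopbacks and VLAN1 addresses live (RFC 1918).
MGMT_BLOCK = ipaddress.ip_network("10.255.0.0/16")


@dataclass(frozen=True)
class AclEntry:
    action: str                 # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' at tokens[i]."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(f"{tokens[i + 1]}/32"), i + 2
    # Cisco wildcard mask: set bits are "don't care". Only contiguous masks
    # are supported; a discontiguous wildcard raises ValueError here.
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    netmask = str(ipaddress.IPv4Address((~wildcard) & 0xFFFFFFFF))
    return ipaddress.ip_network((tok, netmask), strict=False), i + 2


def parse_acl(text: str) -> List[AclEntry]:
    """Parse lines like 'deny ip any 10.255.0.0 0.0.255.255'; '!' starts a comment."""
    entries: List[AclEntry] = []
    for raw in text.strip().splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        if tokens[0] == "access-list":      # numbered-ACL form: drop the number
            tokens = tokens[2:]
        action, proto = tokens[0], tokens[1]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACL line: {raw!r}")
        src, i = _parse_addr(tokens, 2)
        dst, _ = _parse_addr(tokens, i)
        entries.append(AclEntry(action, src, dst))
    return entries


def acl_permits(acl: List[AclEntry], src: str, dst: str) -> bool:
    """IOS semantics: first matching entry wins, implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in acl:
        if s in e.src and d in e.dst:
            return e.action == "permit"
    return False


def filters_mgmt_block(acl: List[AclEntry]) -> bool:
    """True if the first entry touching MGMT_BLOCK denies every source to all of it."""
    for e in acl:
        if not e.dst.overlaps(MGMT_BLOCK):
            continue
        return e.action == "deny" and e.src.prefixlen == 0 and MGMT_BLOCK.subnet_of(e.dst)
    return True     # nothing matches the block, so the implicit deny covers it


@dataclass
class Router:
    # interface name -> ACL applied inbound (None means no inbound filter at all)
    inbound: Dict[str, Optional[List[AclEntry]]] = field(default_factory=dict)

    def reaches_mgmt(self, iface: str, src: str, dst: str) -> bool:
        """Can a packet entering on `iface` from `src` reach management address `dst`?"""
        if ipaddress.ip_address(dst) not in MGMT_BLOCK:
            raise ValueError("dst is not in the management block")
        acl = self.inbound.get(iface)
        return True if acl is None else acl_permits(acl, src, dst)

    def unfiltered_mgmt_interfaces(self) -> List[str]:
        """Audit: interfaces on which anything can still hit MGMT_BLOCK."""
        return sorted(i for i, acl in self.inbound.items()
                      if acl is None or not filters_mgmt_block(acl))


# Constructed infrastructure ACL, the kind applied inbound on transit/peering links.
EDGE_ACL = """
! deny the world access to loopbacks/VLAN1, then pass transit traffic
access-list 101 deny   ip any 10.255.0.0 0.0.255.255
access-list 101 permit ip any any
"""


def build_example_router() -> Router:
    edge = parse_acl(EDGE_ACL)
    return Router(inbound={
        "Transit-Gi0/0": edge,
        "Peering-Gi0/1": edge,
        "Customer-Vlan100": None,   # the customer-facing port nobody filtered
    })


def demo() -> dict:
    r = build_example_router()
    out = {
        "external_scan": r.reaches_mgmt("Transit-Gi0/0", "198.51.100.7", "10.255.1.1"),
        "customer_inside": r.reaches_mgmt("Customer-Vlan100", "203.0.113.9", "10.255.1.1"),
        "unfiltered": r.unfiltered_mgmt_interfaces(),
    }
    r.inbound["Customer-Vlan100"] = parse_acl(EDGE_ACL)   # apply the same filter inside
    out["customer_after_fix"] = r.reaches_mgmt("Customer-Vlan100", "203.0.113.9", "10.255.1.1")
    out["unfiltered_after_fix"] = r.unfiltered_mgmt_interfaces()
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Run stand-alone, the transit-side probe is dropped while the source on the customer VLAN reaches 10.255.1.1, and the audit names that interface until the same ACL is applied there; that is the gap Stephen describes, and the audit is the check that closes it. The parser handles only plain `ip` entries with contiguous wildcard masks; a real infrastructure ACL also has to permit the device's own routing-protocol peers and management stations before the deny, which this model leaves out.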
Current thread:
- RE: SSH on the router - was( IT security people sleep well) McBurnett, Jim (Jun 07)
- TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 09)
- Re: UDP-TCP-ACK-SYN Attacks Pete (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) James (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 11)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 09)
- TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 10)
- Message not available
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 10)