nanog mailing list archives
Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd)
From: Valdis.Kletnieks () vt edu
Date: Wed, 19 Jul 2006 14:06:52 -0400
On Wed, 19 Jul 2006 02:02:20 CDT, Gadi Evron said:
Some ISP networks do not reset open TCP connections of customers that were either cut-off by the ISP or cut off by self-initiation. While it is responsibility of every person to terminate every open connection before link termination, when the ISP initiates this, it cannot be guaranteed. A customer who happens to resume a recycled dynamic IP can then read the previous persons open sessions.
Low threat level indeed. The following *ALL* need to happen for it to be a problem: 1) You need to get disconnected unexpectedly. 2) Your IP address needs to be re-assigned quickly - before the ISP's routing hardware has a chance to send too many ICMP Dest Unreachable and cause a connection shutdown. 3) Your IP address needs to be handed to a malicious user. 4) Said malicious user has to be running an IP stack configured to *NOT* send back a TCP RST or ICMP Port Unreachable when a packet comes in. 5) The connection being hijacked needs to have in-flight data that will be retransmitted or a keep-alive packet or other similar hint to the attacker that the connection exists.
Attachment:
_bin
Description:
Current thread:
- Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd) Gadi Evron (Jul 19)
- Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd) Per Heldal (Jul 19)
- Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd) Gadi Evron (Jul 19)
- Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks Joe Greco (Jul 19)
- Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd) Valdis . Kletnieks (Jul 19)
- Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd) Per Heldal (Jul 19)