TCP-ACK vulnerability (was RE: SSH on the router)
Stephen J. Wilcox
steve at telecomplete.co.uk
Fri Jun 11 17:06:20 UTC 2004
Private addressing/non routing of the netblock is only of limited use.
I assume here the block is in the IGP.. the more customers/networks you serve
the more chance of an attack coming from within.
Steve
On Thu, 10 Jun 2004, Alexei Roudnev wrote:
>
> Do you have any (even minimal) need to allocate globally routable IP to the
> VLAN1 interface?
>
> Other thing is that, even if I can find your switch, I will not have any
> minimal idea that it is _your_ switch and any minimal need to break it. You
> could (easily) have allocated all switch and router loopback IPs in a private
> network many years ago, and filtered out this network on all inbound interfaces.
>
> Even if I (if I were a hacker) scan your networks and find this switch (and
> you did not move it out of routable IP),
> I will not have any idea what it is about, where this switch is, and will
> not have any reason to break it...
>
>
>
>
> ----- Original Message -----
> From: "Sean Donelan" <sean at donelan.com>
> To: <nanog at merit.edu>
> Sent: Thursday, June 10, 2004 4:19 AM
> Subject: Re: TCP-ACK vulnerability (was RE: SSH on the router)
>
>
> >
> > On Wed, 9 Jun 2004, Alexei Roudnev wrote:
> > > This is minor exploit - usually you set up VLAN1 interface with IP address,
> > > which is filtered out from outside. Moreover, there is not any good way to
> > > find switch IP - it is transparent for user's devices.
> >
> > Yeah, port scanners are so rare on the Internet they'll never find your
> > IP address. It's not as if the switches have an easy to detect banner
> > signature, and everyone uses out-of-band management for all their network
> > equipment.
> >
>
>