Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd)
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Jul 19 18:06:52 UTC 2006
On Wed, 19 Jul 2006 02:02:20 CDT, Gadi Evron said:
> Some ISP networks do not reset open TCP connections of customers that
> were either cut-off by the ISP or cut off by self-initiation. While it is
> responsibility of every person to terminate every open connection before
> link termination, when the ISP initiates this, it cannot be guaranteed. A
> customer who happens to resume a recycled dynamic IP can then read the
> previous persons open sessions.
Low threat level indeed. The following *ALL* need to happen for it to be a
problem:
1) You need to get disconnected unexpectedly.
2) Your IP address needs to be re-assigned quickly - before the ISP's routing
hardware has a chance to send too many ICMP Dest Unreachable and cause a
connection shutdown.
3) Your IP address needs to be handed to a malicious user.
4) Said malicious user has to be running an IP stack configured to *NOT*
send back a TCP RST or ICMP Port Unreachable when a packet comes in.
5) The connection being hijacked needs to have in-flight data that will be
retransmitted or a keep-alive packet or other similar hint to the attacker
that the connection exists.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060719/52009f63/attachment.sig>
More information about the NANOG
mailing list