TCP RST attack (the cause of all that MD5-o-rama)

Owen DeLong owen at delong.com
Tue Apr 20 18:58:13 UTC 2004


How do you tell an adjacent TTL set to 1 from a TTL set to 5 four hops away?

Owen


--On Tuesday, April 20, 2004 14:54 -0400 James <haesu at towardex.com> wrote:

>
> now let me take a bite at this :P
>
> i can see this 'attack' operational against a multihop bgp session that's
> not md5'd.
>
> now the question is... would this also affect single-hop bgp sessions?
> my understanding would be no, as single-hops require ttl set to 1.
>
> -J
>
>
> On Tue, Apr 20, 2004 at 01:36:09PM -0400, Mike Tancsa wrote:
>>
>>
>>
>> http://www.uniras.gov.uk/vuls/2004/236929/index.htm
>>
>> --------------------------------------------------------------------
>> Mike Tancsa,                          	          tel +1 519 651 3400
>> Sentex Communications,     			  mike at sentex.net
>> Providing Internet since 1994                    www.sentex.net
>> Cambridge, Ontario Canada			  www.sentex.net/mike



-- 
If this message was not signed with gpg key 0FE2AA3D, it's probably
a forgery.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040420/fa653f32/attachment.sig>


More information about the NANOG mailing list