TCP/BGP vulnerability - easier than you think

Rob Thomas robt at cymru.com
Wed Apr 21 04:17:19 UTC 2004


Hi, Patrick.

] Really?  I certainly hope an attacker tries those three ports on a
] router I know about.  Looking at a random cisco router at a random NAP
] with a significant number of peers, there are a total of zero session
] on those ports.

The ephemeral ports are used for active opens, not passive opens.  In
other words there won't be a listener bound on the ephemeral ports.
Try nmap'ing the source port you use to SSH to TCP 22 on a remote
server, for example - same negative result.  That doesn't mean it
isn't using the "closed" port as a source port.  :)

Or did I misunderstand the post?  I'm low on coffee tonight.  :)

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);




More information about the NANOG mailing list