TCP/BGP vulnerability - easier than you think
Rob Thomas
robt at cymru.com
Wed Apr 21 04:17:19 UTC 2004
Hi, Patrick.
] Really? I certainly hope an attacker tries those three ports on a
] router I know about. Looking at a random cisco router at a random NAP
] with a significant number of peers, there are a total of zero session
] on those ports.
The ephemeral ports are used for active opens, not passive opens. In
other words there won't be a listener bound on the ephemeral ports.
Try nmap'ing the source port you use to SSH to TCP 22 on a remote
server, for example - same negative result. That doesn't mean it
isn't using the "closed" port as a source port. :)
Or did I misunderstand the post? I'm low on coffee tonight. :)
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
More information about the NANOG
mailing list