TCP/BGP vulnerability - easier than you think
Iljitsch van Beijnum
iljitsch at muada.com
Wed Apr 21 11:23:54 UTC 2004
On Wed, 21 Apr 2004, Daniel Roesen wrote:
> > access-list 123 deny tcp any any eq bgp rst log-input
> > access-list 123 deny tcp any eq bgp any rst log-input
> > Unfortunately, not all vendors are able to look at the RST bit when
> > filtering...
> The general ignorance to the fact that SYN works as well is
> astonishing. :-)
What are you talking about?
More information about the NANOG
mailing list