TCP/BGP vulnerability - easier than you think

Iljitsch van Beijnum iljitsch at muada.com
Fri Apr 23 09:48:43 UTC 2004


On 23-apr-04, at 8:35, Florian Weimer wrote:

>> So I believe filtering out all BGP RSTs on all
>> edges is probably a good idea.

(Edges and borders.)

> The problem is that even if you filter the RST, the state transition
> occurs at the side which receives the SYN and generates the RST.  This
> means that the connection has been desynchronized and will eventually
> come down, no further data transfer is possible.

Although it doesn't follow from earlier text, on page 71, RFC 793 states 
that an in-window SYN should reset an ESTABLISHED session. So you are 
right. This is very bad.

BTW, anyone seen anything supporting Paul Watson's claim that all it 
takes to break a session is four packets? I assume he's talking about 
this vulnerability that was fixed in FreeBSD in 1998: 
http://ciac.llnl.gov/ciac/bulletins/j-008.shtml

I certainly hope our collective favorite vendors didn't overlook this 
one.
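The two points in this exchange, that RFC 793 page 71 has an ESTABLISHED endpoint answer an in-window SYN with a RST and abort, and that filtering inbound RSTs at the edge therefore does not save the session, can be seen in a small model of the receive-side logic. The following is an added example written for this archive page, not code from the post, from RFC 793 itself, or from any vendor's TCP stack: the `Tcb` class, `edge_filter`, `spoofed_segment` and `packets_to_sweep` are names invented here, the window/sequence values are constructed, and only the sequence-number arithmetic is modeled (no packets are sent).

```python
"""Model of the RFC 793 (page 69-71) segment-processing rules that the thread
discusses, plus a crude edge filter that drops inbound RSTs.  Added
illustration only; names and sample values are this example's own."""
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers are 32-bit, arithmetic is modulo 2^32


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability test for a zero-length segment:
    RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, evaluated modulo 2^32 so that
    sequence-space wrap-around is handled."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def packets_to_sweep(rcv_wnd: int) -> int:
    """Upper bound on spoofed segments needed to hit an open window when the
    attacker steps its guessed sequence number by the window size: any
    guess that lands inside the window is accepted, so the 2^32 space is
    covered in ceil(2^32 / RCV.WND) segments (general arithmetic, not a
    claim about any particular implementation)."""
    return -(-MOD // rcv_wnd)


@dataclass
class Tcb:
    """Minimal transmission control block for one end of a session."""
    rcv_nxt: int
    rcv_wnd: int
    state: str = "ESTABLISHED"

    def receive(self, seq: int, flags: set) -> str:
        """Apply the RFC 793 steps for a segment arriving in ESTABLISHED
        state and return what the stack does with it."""
        if self.state != "ESTABLISHED":
            return "drop"                      # closed: nothing to reset
        if not in_window(seq, self.rcv_nxt, self.rcv_wnd):
            return "ack"                       # out of window: ACK and drop
        if "RST" in flags:
            self.state = "CLOSED"              # in-window RST: abort
            return "reset-by-rst"
        if "SYN" in flags:
            # Page 71: a SYN inside the window is an error; the endpoint
            # sends a RST and aborts the connection itself.  This is the
            # transition the reply above points out.
            self.state = "CLOSED"
            return "reset-by-syn"
        return "accept"


def edge_filter(flags: set, drop_rst: bool) -> bool:
    """Model of 'filter out all BGP RSTs on the edge'.  Returns True if the
    segment is passed on to the router.  Only RST is considered; a SYN
    is always let through because legitimate sessions start with one."""
    return not (drop_rst and "RST" in flags)


def spoofed_segment(tcb: Tcb, seq: int, flags: set, drop_rst: bool) -> str:
    """Deliver one spoofed segment through the edge filter to the router's
    TCB and report the outcome."""
    if not edge_filter(flags, drop_rst):
        return "filtered"
    return tcb.receive(seq, flags)


if __name__ == "__main__":
    # Constructed example: router expects sequence 1000 with a 16 KiB window
    router = Tcb(rcv_nxt=1000, rcv_wnd=16384)
    print(spoofed_segment(router, 5000, {"RST"}, drop_rst=True), router.state)
    print(spoofed_segment(router, 5000, {"SYN"}, drop_rst=True), router.state)
    print("segments to sweep a 16 KiB window:", packets_to_sweep(16384))
```

Run as a script, the in-window RST is stopped by the filter and the session stays ESTABLISHED, while the in-window SYN passes the same filter and leaves the router's side CLOSED. The sweep count shows the other half of the thread's subject: with the window in the tens of kilobytes the attacker's guessing space is a few hundred thousand segments, not 2^32.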




More information about the NANOG mailing list