TCP/BGP vulnerability - easier than you think
Iljitsch van Beijnum
iljitsch at muada.com
Fri Apr 23 09:48:43 UTC 2004
On 23-apr-04, at 8:35, Florian Weimer wrote:
>> So I believe filtering out all BGP RSTs on all
>> edges is probably a good idea.
(Edges and borders.)
> The problem is that even if you filter the RST, the state transition
> occurs at the side which receives the SYN and generates the RST. This
> means that the connection has been desynchronized and will eventually
> come down, no further data transfer is possible.
Although it doesn't follow from earlier text, on page 71 RFC 793 states
that an in-window SYN should reset an ESTABLISHED session. So you are
right. This is very bad.
BTW, anyone seen anything supporting Paul Watson's claim that all it
takes to break a session is four packets? I assume he's talking about
this vulnerability that was fixed in FreeBSD in 1998:
http://ciac.llnl.gov/ciac/bulletins/j-008.shtml
I certainly hope our collective favorite vendors didn't overlook this
one.
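The point Florian makes above, that filtering RSTs at the border does not save a session once an in-window SYN reaches the router, can be shown with a small model of the RFC 793 segment-acceptance rules for the ESTABLISHED state. This is an added example written for this archive page, not code from the post or from any vendor; the sequence numbers and window size are constructed sample values, and the `challenge_ack` switch is an assumption that models the later RFC 5961 behaviour (answer an in-window SYN with an ACK instead of aborting) so the two responses can be compared side by side.

```python
# Added example: toy model of RFC 793 segment handling in the ESTABLISHED
# state, used to show why dropping RSTs at the edge/border filter does not
# protect a BGP session from an in-window SYN. Not code from the NANOG post.
from dataclasses import dataclass, field
from enum import Enum

SEQ_SPACE = 2 ** 32  # TCP sequence numbers wrap modulo 2^32


class State(Enum):
    ESTABLISHED = "ESTABLISHED"
    CLOSED = "CLOSED"


@dataclass
class Segment:
    seq: int
    syn: bool = False
    rst: bool = False


@dataclass
class Connection:
    rcv_nxt: int  # next sequence number expected from the peer
    rcv_wnd: int  # receive window advertised to the peer
    # challenge_ack=False models the RFC 793 text (page 71): an in-window SYN
    # in ESTABLISHED resets the connection. True models the later RFC 5961
    # rule (assumed here for comparison): send an ACK and keep the state.
    challenge_ack: bool = False
    state: State = State.ESTABLISHED
    sent: list = field(default_factory=list)

    def in_window(self, seq: int) -> bool:
        # Modular arithmetic so the check is correct across wraparound.
        return (seq - self.rcv_nxt) % SEQ_SPACE < self.rcv_wnd

    def receive(self, seg: Segment) -> str:
        if self.state is not State.ESTABLISHED:
            return "ignored: not established"
        if not self.in_window(seg.seq):
            self.sent.append("ACK")  # RFC 793: unacceptable segment, ACK it
            return "out of window: dropped, ACK sent"
        if seg.rst:
            self.state = State.CLOSED
            return "RST in window: connection aborted"
        if seg.syn:
            if self.challenge_ack:
                self.sent.append("ACK")
                return "SYN in window: challenge ACK sent, state kept"
            # RFC 793 p.71: send a reset and abort the connection locally,
            # so the damage is done regardless of what the border filters.
            self.sent.append("RST")
            self.state = State.CLOSED
            return "SYN in window: RST sent, connection aborted"
        return "data accepted"


def border_filter(seg: Segment, drop_rst: bool) -> bool:
    """Return True if the edge/border filter forwards the segment inward."""
    return not (drop_rst and seg.rst)


def scenario(drop_rst: bool, challenge_ack: bool) -> dict:
    """Deliver a forged in-window RST and a forged in-window SYN to a router
    whose BGP session is ESTABLISHED. Sequence numbers are constructed."""
    results = {}
    for name, seg in (("rst", Segment(seq=1_000_500, rst=True)),
                      ("syn", Segment(seq=1_000_500, syn=True))):
        conn = Connection(rcv_nxt=1_000_000, rcv_wnd=16_384,
                          challenge_ack=challenge_ack)
        if border_filter(seg, drop_rst):
            outcome = conn.receive(seg)
        else:
            outcome = "dropped at border"
        results[name] = (outcome, conn.state.value)
    return results


if __name__ == "__main__":
    for drop_rst, challenge in ((False, False), (True, False), (True, True)):
        print(f"drop_rst={drop_rst} challenge_ack={challenge}:",
              scenario(drop_rst, challenge))
```

Running it shows the three cases: with no filter both forged segments tear the session down; with an RST filter the RST is stopped but the SYN still causes the receiving router to reset its own state; only a stack that answers in-window SYNs with a challenge ACK keeps the session ESTABLISHED. Out-of-window segments are dropped in every case, which is why the size of the advertised window matters for how much guessing is needed.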