TCP/BGP vulnerability - easier than you think

• Previous message (by thread): TCP/BGP vulnerability - easier than you think
• Next message (by thread): TCP/BGP vulnerability - easier than you think
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 23-apr-04, at 12:03, Florian Weimer wrote:

>> BTW, anyone seen anything supporting Paul Watson's claim that all it
>> takes to break a session is four packets?

> Where does he claim that?

In several news stories, such as  
http://www.wired.com/news/technology/0,1282,63143,00.html? 
tw=wn_tophead_2

> I've browsed his paper and the packet numbers he gives are higher.

Do you have a link? I haven't been able to find it so far.

> Either this issue has been wildly exaggerated, or Paul Watson's paper
> is not the whole story.

Yes. I've never been one for conspiracy theories but now I'm tempted to  
become a believer... ("That whole SMNP vulnerability thing was just a  
trick to get us to install fixed IOSes before the real story gets  
out.")

>> I assume he's talking about this vulnerability that was fixed in
>> FreeBSD in 1998: http://ciac.llnl.gov/ciac/bulletins/j-008.shtml

>> I certainly hope our collective favorite vendors didn't overlook
>> this one.

> Maybe they have fixed it now?  This would explain most of the frenzy.

I guess we have to wait a bit longer to find out.

• Previous message (by thread): TCP/BGP vulnerability - easier than you think
• Next message (by thread): TCP/BGP vulnerability - easier than you think
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]