TCP/BGP vulnerability - easier than you think
Iljitsch van Beijnum
iljitsch at muada.com
Fri Apr 23 10:13:33 UTC 2004
On 23-apr-04, at 12:03, Florian Weimer wrote:
>> BTW, anyone seen anything supporting Paul Watson's claim that all it
>> takes to break a session is four packets?
> Where does he claim that?
In several news stories, such as
http://www.wired.com/news/technology/0,1282,63143,00.html?
tw=wn_tophead_2
> I've browsed his paper and the packet numbers he gives are higher.
Do you have a link? I haven't been able to find it so far.
> Either this issue has been wildly exaggerated, or Paul Watson's paper
> is not the whole story.
Yes. I've never been one for conspiracy theories but now I'm tempted to
become a believer... ("That whole SMNP vulnerability thing was just a
trick to get us to install fixed IOSes before the real story gets
out.")
>> I assume he's talking about this vulnerability that was fixed in
>> FreeBSD in 1998: http://ciac.llnl.gov/ciac/bulletins/j-008.shtml
>> I certainly hope our collective favorite vendors didn't overlook
>> this one.
> Maybe they have fixed it now? This would explain most of the frenzy.
I guess we have to wait a bit longer to find out.
More information about the NANOG
mailing list