TCP-ACK vulnerability (was RE: SSH on the router)

Alexei Roudnev alex at relcom.net
Fri Jun 11 05:04:23 UTC 2004


Do you have any (even minimal) need to allocate a globally routable IP to the
VLAN1 interface?

The other thing is that, even if I can find your switch, I will not have
even a minimal idea that it is _your_ switch, or even a minimal need to
break it. You could (easily) have allocated all switch and router loopback
IPs in a private network many years ago, and filtered out this network on
all inbound interfaces.

Even if I (if I were a hacker) scan your networks and find this switch (and
you did not move it out of routable IP), I will not have any idea what it is
about or where this switch is, and will not have any reason to break it...




----- Original Message ----- 
From: "Sean Donelan" <sean at donelan.com>
To: <nanog at merit.edu>
Sent: Thursday, June 10, 2004 4:19 AM
Subject: Re: TCP-ACK vulnerability (was RE: SSH on the router)


>
> On Wed, 9 Jun 2004, Alexei Roudnev wrote:
> > This is a minor exploit - usually you set up the VLAN1 interface with an
> > IP address which is filtered out from outside. Moreover, there is not any
> > good way to find the switch IP - it is transparent for users' devices.
>
> Yeah, port scanners are so rare on the Internet they'll never find your
> IP address.  It's not as if the switches have an easy to detect banner
> signature, and everyone uses out-of-band management for all their network
> equipment.
>



