Re: Massive stupidity (Was: Re: TCP vulnerability)

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: Massive stupidity (Was: Re: TCP vulnerability)

From: Sean Donelan
Date: Tue Apr 20 17:57:12 2004

On Tue, 20 Apr 2004, Richard A Steenbergen wrote:
> Anyone who seriously wanted to protect against this attack could easily
> deploy RST rate limits against their management interfaces, rather than
> run around trying to set up MD5 with every peer. As a long term
> improvement, a random ephemeral port selection process could be used.

Insufficient to completely protect against the identified vulnerabilities.
Please continue reading.

References:
- TCP vulnerability Grant A. Kirkwood
- Massive stupidity (Was: Re: TCP vulnerability) Richard A Steenbergen

Prev by Date: Re: TCP RST attack (the cause of all that MD5-o-rama)
Next by Date: Re: Xspedius / E.Spire as wellRe: Winstar says there is no TCP/BGPvulnerability
Date Index
Thread Index
Author Index
Historical