North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: TCP/BGP vulnerability - easier than you think
- From: Daniel Roesen
- Date: Wed Apr 21 08:40:37 2004
On Wed, Apr 21, 2004 at 02:10:05PM +0200, Iljitsch van Beijnum wrote:
> > "The issue described in this advisory is the practicability of
> > resetting an established TCP connection by sending suitable TCP
> > packets with the RST (Reset) or SYN (Synchronise) flags set."
>
> And:
>
> "It is also possible to perform the same attack with SYN (synchronise)
> packets. An established connection will abort by sending a RST if it
> receives a duplicate SYN packet with initial sequence number within the
> TCP window."
>
> So the attacker sends a spoofed SYN to router A, and router A sends an
> RST to router B and router B terminates the BGP session.
Correct.
> The good part here is that filtering RSTs should still work.
It doesn't. The RST are then being sent by the authorized sender and
your edge anti-spoof filtering for RST doesn't help a single millimeter.
|
