North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: TCP/BGP vulnerability - easier than you think
- From: Leo Bicknell
- Date: Fri Apr 23 11:21:16 2004
I point out NetBSD released this:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc
Of interest is this paragraph:
] Additionally, the 4.4BSD stack from which NetBSD's stack is derived, did
] not even check that a RST's sequence number was inside the window. RSTs
] anywhere to the left of the window were treated as valid.
It's a good thing the 4.4BSD stack was unpopular, otherwise it might be
in a lot of programs.
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
Attachment:
pgp00017.pgp
Description: PGP signature
|
