RE: Major TCP Vulnerability

Tue, 20 Apr 2004 14:17:32 -0700 

CERT has issued a vulnerability email.

They seem to think it's a little more serious....

8><----

   Technical Cyber Security Alert TA04-111A archive 

Vulnerabilities in TCP

   Original release date: April 20, 2004
   Last revised: --
   Source: US-CERT

Systems Affected

     * Systems that rely on persistent TCP connections, for example
       routers supporting BGP

8><----

Your info may run over a IPSEC link but if the border routers of your ISP go
down, your still stuffed.

regards

Thing

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phillip
Hofmeister
Sent: Wednesday, 21 April 2004 8:42 a.m.
To: [EMAIL PROTECTED]
Subject: Re: Major TCP Vulnerability


On Tue, 20 Apr 2004 at 02:49:48PM -0400, Thomas Sj?gren wrote:
> Since the article is for subscribers only, this is a "wild" guess: 
> http://www.uniras.gov.uk/vuls/2004/236929/index.htm

This article isn't anything I am going to loose sleep over.  Any mission
critical long term TCP connections over an untrusted network (The
Internet) should already be using IPSec.

As for non-mission critical connections, the two parties will just reconnect
at a later time.

Also, unless the attackers know the source port of the client side of the
TCP connection, this attack is useless.  The only way for them to get the
client/source port would be to:

A) Have access to the datastream (if this is the case, you have more to
worry about than them resetting your connection).

B) Have login access to either machine and then run netstat (or a
similar) utility which will tell them the information.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import

----- End forwarded message -----

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to