[69811] in North American Network Operators' Group
Re: TCP RST attack (the cause of all that MD5-o-rama)
daemon@ATHENA.MIT.EDU (James)
Tue Apr 20 15:30:02 2004
Date: Tue, 20 Apr 2004 15:29:20 -0400
From: James <haesu@towardex.com>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: James <haesu@towardex.com>, Mike Tancsa <mike@sentex.net>,
nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0404202023240.15106-100000@server2.tcw.telecomplete.net>
Errors-To: owner-nanog-outgoing@merit.edu
ah yes.. forgot about that :)
Thanks,
-J
On Tue, Apr 20, 2004 at 08:24:02PM +0100, Stephen J. Wilcox wrote:
> On Tue, 20 Apr 2004, James wrote:
>
> > i can see this 'attack' operational against a multihop bgp session that's
> > not md5'd.
> >
> > now the question is... would this also affect single-hop bgp sessions?
> > my understanding would be no, as single-hops require ttl set to 1.
>
> you can engineer packets to make sure they have the right ttl when they arrive,
> ie if your 10 hops away, set ttl to 10 and it will be 1 on arrival :)
>
> Steve
>
> >
> > -J
> >
> >
> > On Tue, Apr 20, 2004 at 01:36:09PM -0400, Mike Tancsa wrote:
> > >
> > >
> > >
> > > http://www.uniras.gov.uk/vuls/2004/236929/index.htm
> > >
> > > --------------------------------------------------------------------
> > > Mike Tancsa, tel +1 519 651 3400
> > > Sentex Communications, mike@sentex.net
> > > Providing Internet since 1994 www.sentex.net
> > > Cambridge, Ontario Canada www.sentex.net/mike
> >
> >
--
James Jun TowardEX Technologies, Inc.
Technical Lead Network Design, Consulting, IT Outsourcing
james@towardex.com Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
