[69813] in North American Network Operators' Group
Re: TCP RST attack (the cause of all that MD5-o-rama)
daemon@ATHENA.MIT.EDU (Patrick W.Gilmore)
Tue Apr 20 16:27:23 2004
In-Reply-To: <Pine.LNX.4.44.0404202023240.15106-100000@server2.tcw.telecomplete.net>
Cc: Patrick W.Gilmore <patrick@ianai.net>
From: Patrick W.Gilmore <patrick@ianai.net>
Date: Tue, 20 Apr 2004 15:38:28 -0400
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Apr 20, 2004, at 3:24 PM, Stephen J. Wilcox wrote:
> On Tue, 20 Apr 2004, James wrote:
>
>> I can see this 'attack' operational against a multihop BGP session
>> that's not MD5'd.
>>
>> Now the question is... would this also affect single-hop BGP sessions?
>> My understanding would be no, as single-hops require TTL set to 1.
>
> You can engineer packets to make sure they have the right TTL when
> they arrive, i.e. if you're 10 hops away, set TTL to 10 and it will be
> 1 on arrival :)
Not if you use the TTL hack.
Seems like that would be much more useful, and less CPU-intensive, and
less prone to user error, etc., etc. than MD5.
--
TTFN,
patrick
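The "TTL hack" Patrick refers to is what became the Generalized TTL Security Mechanism (GTSM, RFC 3682): the peer sends BGP packets with TTL 255 and the receiver drops anything that arrives below 255, instead of expecting TTL 1. The model below is an added illustration for this thread, not code from the list or from any router vendor; it simulates only the TTL arithmetic (each forwarding router decrements by one, the receiver does not) and checks exhaustively which sender distances can satisfy each acceptance rule. The `trusted_hops` parameter is an assumption of the example, standing in for the small radius GTSM allows for multihop sessions; hop counts are constructed values.

```python
"""Model of the BGP "TTL hack" (GTSM) against a naive single-hop TTL check.

Added illustration for this thread, not code from it. Only the IP TTL
arithmetic is modelled: each forwarding router decrements TTL by one and
discards the packet when it reaches zero; the final receiver does not
decrement. Hop counts and sender TTLs below are constructed values.
"""
from functools import partial

MAX_TTL = 255  # the 8-bit IP TTL field cannot start any higher


def ttl_on_arrival(initial_ttl: int, hops: int):
    """TTL the receiver sees after `hops` routers forwarded the packet,
    or None if the packet expired in transit."""
    if not 1 <= initial_ttl <= MAX_TTL:
        raise ValueError("initial TTL must be within 1..255")
    remaining = initial_ttl - hops
    return remaining if remaining >= 1 else None


def naive_accept(ttl: int) -> bool:
    """The check James describes: a single-hop session expects TTL 1."""
    return ttl == 1


def gtsm_accept(ttl: int, trusted_hops: int = 0) -> bool:
    """The TTL hack: the peer sends with TTL 255 and the receiver drops
    anything below 255 - trusted_hops (0 for a directly connected peer).
    trusted_hops is this example's assumption, not an RFC knob name."""
    return ttl >= MAX_TTL - trusted_hops


def sender_can_satisfy(policy, hops: int) -> bool:
    """Can a host `hops` routers away pick *any* initial TTL that the
    policy accepts on arrival?  Exhaustive over the 255 possible values."""
    for initial in range(1, MAX_TTL + 1):
        arrived = ttl_on_arrival(initial, hops)
        if arrived is not None and policy(arrived):
            return True
    return False


def max_accepting_distance(policy) -> int:
    """Largest hop count from which some sender TTL is still accepted;
    -1 if the policy rejects every source."""
    furthest = -1
    for hops in range(MAX_TTL):
        if sender_can_satisfy(policy, hops):
            furthest = hops
    return furthest


if __name__ == "__main__":
    # "10 hops away, set TTL to 10 and it will be 1 on arrival": with ten
    # forwarding routers in the path, an initial TTL of 11 arrives as 1.
    print("naive check, sender 10 hops away can match TTL 1:",
          sender_can_satisfy(naive_accept, 10))
    print("naive check, furthest accepted source (hops):",
          max_accepting_distance(naive_accept))
    print("TTL hack, furthest accepted source (hops):",
          max_accepting_distance(partial(gtsm_accept, trusted_hops=0)))
    print("TTL hack with 2 trusted hops, furthest accepted source:",
          max_accepting_distance(partial(gtsm_accept, trusted_hops=2)))
```

The naive rule is satisfiable from anywhere up to 254 routers away, because the sender controls the initial TTL and only needs it to decay to 1. The TTL-hack rule cannot be satisfied from beyond the trusted radius, because nothing in the network ever increases a TTL: a packet that crossed even one untrusted router arrives at 254 or less and is dropped before BGP ever sees it. The model also shows the limit of the mechanism, which is why it complements rather than replaces MD5: a source inside the radius (on the same link, or within the configured hop count for a multihop session) still passes the TTL check.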