[69831] in North American Network Operators' Group


Re: Massive stupidity (Was: Re: TCP vulnerability)

daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue Apr 20 17:57:44 2004

Date: Tue, 20 Apr 2004 17:45:00 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Richard A Steenbergen <ras@e-gerbil.net>
Cc: nanog@merit.edu
In-Reply-To: <20040420210916.GR30977@overlord.e-gerbil.net>
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, 20 Apr 2004, Richard A Steenbergen wrote:
> Anyone who seriously wanted to protect against this attack could easily
> deploy RST rate limits against their management interfaces, rather than
> run around trying to set up MD5 with every peer. As a long term
> improvement, a random ephemeral port selection process could be used.

Insufficient to completely protect against the identified vulnerabilities.
Please continue reading.


