[69854] in North American Network Operators' Group
Re: TCP/BGP vulnerability - easier than you think
daemon@ATHENA.MIT.EDU (Rob Thomas)
Wed Apr 21 00:18:55 2004
Date: Tue, 20 Apr 2004 23:17:19 -0500 (CDT)
From: Rob Thomas <robt@cymru.com>
To: "Patrick W.Gilmore" <patrick@ianai.net>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <9FEFB8DE-9345-11D8-B101-000A9578BB58@ianai.net>
Errors-To: owner-nanog-outgoing@merit.edu
Hi, Patrick.
] Really? I certainly hope an attacker tries those three ports on a
] router I know about. Looking at a random cisco router at a random NAP
] with a significant number of peers, there are a total of zero sessions
] on those ports.
The ephemeral ports are used for active opens, not passive opens. In
other words there won't be a listener bound on the ephemeral ports.
Try nmap'ing the source port you use to SSH to TCP 22 on a remote
server, for example - same negative result. That doesn't mean it
isn't using the "closed" port as a source port. :)
Or did I misunderstand the post? I'm low on coffee tonight. :)
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
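
The distinction between active and passive opens described in the message above, as an added example that is not part of the original post: a client's ephemeral source port refuses a connection probe even while an established session is using it. The loopback setup and the function name `probe_ephemeral_port` are assumptions made for the illustration.

```python
import errno
import socket


def probe_ephemeral_port():
    """Return (source_port, refused, session_alive) for a loopback session."""
    # Passive open: a listener bound to a port (stands in for TCP 22 or 179).
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    # Active open: the kernel assigns the client an ephemeral source port.
    client = socket.create_connection(listener.getsockname())
    accepted, peer = listener.accept()
    source_port = client.getsockname()[1]

    # Probe the ephemeral port the way a connect scan would. Nothing is
    # listening on it, so the SYN is answered with a RST.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.settimeout(2)
    refused = probe.connect_ex(("127.0.0.1", source_port)) == errno.ECONNREFUSED
    probe.close()

    # The established session still carries data with that port as its source.
    client.sendall(b"ping")
    session_alive = accepted.recv(4) == b"ping" and peer[1] == source_port

    for sock in (client, accepted, listener):
        sock.close()
    return source_port, refused, session_alive


if __name__ == "__main__":
    port, refused, alive = probe_ephemeral_port()
    print(f"source port {port}: probe refused={refused}, session alive={alive}")
```

A scan result of "closed" on a port therefore says nothing about whether that port is the source port of a live session.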