[69913] in North American Network Operators' Group
Re: TCP/BGP vulnerability - easier than you think
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Wed Apr 21 12:38:04 2004
Date: Wed, 21 Apr 2004 16:37:39 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <1723CD40-9395-11D8-90B6-000A95CD987A@muada.com>
Errors-To: owner-nanog-outgoing@merit.edu
IvB> Date: Wed, 21 Apr 2004 15:09:15 +0200
IvB> From: Iljitsch van Beijnum
IvB> [T]he filters I listed in my earlier message simply filter
IvB> RSTs to/from the BGP port without looking at the address
IvB> fields [...] the BGP hold timer takes care of business here
IvB> anyway [...]
Interesting thought. Smells like IRC.
Still leaves SYNs to be addressed, at least in theory. Has
anyone tried hitting * with an in-window SYN to know if this is
indeed an issue?
Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
