[80939] in North American Network Operators' Group
Re: Cisco Vulnerability in a Variant of the TCP Timestamps Option
daemon@ATHENA.MIT.EDU (trainier@kalsec.com)
Thu May 19 10:25:42 2005
In-Reply-To: <20050519.071131.7856.73691@webmail29.lax.untd.com>
To: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Cc: nanog@merit.edu, owner-nanog@merit.edu
From: trainier@kalsec.com
Date: Thu, 19 May 2005 10:21:57 -0400
Errors-To: owner-nanog@merit.edu
This is a multipart message in MIME format.
--=_alternative 004F3B8785257006_=
Content-Type: text/plain; charset="US-ASCII"
It's a little broader than just cisco equipment.
http://www.securityfocus.com/bid/13676
"Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Sent by: owner-nanog@merit.edu
05/19/2005 10:11 AM
To
nanog@merit.edu
cc
Subject
Cisco Vulnerability in a Variant of the TCP Timestamps Option
Cisco yesterday reported a vulnerability with some implementations of the
Transmission Control Protocol (TCP) Timestamps option (RFC1323) are
vulnerable to a Denial of Service (DoS) attack from specifically crafted
packets. Cisco also states that only certain implementations of the TCP
Timestamps option are vulnerable.
The entire security alert can be found here:
http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
--=_alternative 004F3B8785257006_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">It's a little broader than just cisco
equipment.</font>
<br><font size=2 face="sans-serif">http://www.securityfocus.com/bid/13676</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>"Fergie (Paul Ferguson)"
<fergdawg@netzero.net></b> </font>
<br><font size=1 face="sans-serif">Sent by: owner-nanog@merit.edu</font>
<p><font size=1 face="sans-serif">05/19/2005 10:11 AM</font>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">nanog@merit.edu</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">Cisco Vulnerability in a
Variant of the TCP Timestamps Option</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt><br>
<br>
Cisco yesterday reported a vulnerability with some implementations of the
Transmission Control Protocol (TCP) Timestamps option (RFC1323) are vulnerable
to a Denial of Service (DoS) attack from specifically crafted packets.
Cisco also states that only certain implementations of the TCP Timestamps
option are vulnerable.<br>
<br>
The entire security alert can be found here:<br>
http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml<br>
<br>
- ferg<br>
<br>
--<br>
"Fergie", a.k.a. Paul Ferguson<br>
Engineering Architecture for the Internet<br>
fergdawg@netzero.net or fergdawg@sbcglobal.net<br>
ferg's tech blog: http://fergdawg.blogspot.com/<br>
</tt></font>
<br>
--=_alternative 004F3B8785257006_=--
