[91338] in North American Network Operators' Group
Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Jul 19 14:07:38 2006
To: Gadi Evron <ge@linuxbox.org>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Wed, 19 Jul 2006 02:02:20 CDT."
<Pine.LNX.4.21.0607190202110.28023-100000@linuxbox.org>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 19 Jul 2006 14:06:52 -0400
Errors-To: owner-nanog@merit.edu
On Wed, 19 Jul 2006 02:02:20 CDT, Gadi Evron said:
> Some ISP networks do not reset open TCP connections of customers that
> were either cut-off by the ISP or cut off by self-initiation. While it is
> the responsibility of every person to terminate every open connection before
> link termination, when the ISP initiates this, it cannot be guaranteed. A
> customer who happens to resume a recycled dynamic IP can then read the
> previous person's open sessions.
Low threat level indeed. The following *ALL* need to happen for it to be a
problem:
1) You need to get disconnected unexpectedly.
2) Your IP address needs to be re-assigned quickly - before the ISP's routing
hardware has a chance to send too many ICMP Dest Unreachable and cause a
connection shutdown.
3) Your IP address needs to be handed to a malicious user.
4) Said malicious user has to be running an IP stack configured to *NOT*
send back a TCP RST or ICMP Port Unreachable when a packet comes in.
5) The connection being hijacked needs to have in-flight data that will be
retransmitted or a keep-alive packet or other similar hint to the attacker
that the connection exists.