[704] in bugtraq

home help back first fref pref prev next nref lref last post

Re: NYT Article this morning

daemon@ATHENA.MIT.EDU (Christopher Klaus)
Mon Jan 23 18:57:46 1995

From: Christopher Klaus <cklaus@shadow.net>
To: perry@imsi.com
Date: Mon, 23 Jan 1995 15:29:18 -0500 (EST)
Cc: bugtraq@fc.net, rens@imsi.com
In-Reply-To: <9501231338.AA11040@snark.imsi.com> from "Perry E. Metzger" at Jan 23, 95 08:38:12 am

> Having been in the situation of being an administrator worried about
> such things and not knowing where to turn, I believe in full
> disclosure. I'll try to post as full a disclosure as I can in a few
> hours. I will not post code, as I doubt that Joe Hacker can use the
> description to construct the attack, but you should be able to assess
> if you are vulnerable without any code to exploit the problem. I'll
> also note that the problem was described in the open literature some
> time ago -- the New York Times article accurately notes that two Bell
> Labs types described this in published papers, which should give those
> in the know some hints.
> 
> In any case, CERT intends to publish an advisory today. I suspect that
> the advisory will not describe how to fully fix the problem.

To fully fix the problem will require all the vendors to come out with
kernel patches to make the TCP sequence numbering difficult to guess, then
have all the admins apply those patches to all the machines on Internet, 
and then we will have solved the problem.  (While we are at it, have 
admins install patches that stop get-root scripts also).  Pretty simple and 
quick to implement.  <grin>

Cheers,
Christopher

-- 
Christopher William Klaus	Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc.		Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.

home help back first fref pref prev next nref lref last post