[736] in bugtraq


Re: NYT Article this morning

daemon@ATHENA.MIT.EDU (Rick Busdiecker)
Tue Jan 24 15:54:03 1995

To: "Perry E. Metzger" <perry@imsi.com>
Cc: Full Disclosure <bugtraq@fc.net>
In-Reply-To: Your message of "Mon, 23 Jan 1995 15:37:36 EST."
             <9501232037.AA12144@snark.imsi.com> 
From: Rick Busdiecker <rfb@lehman.com>
Reply-To: Rick Busdiecker <rfb@lehman.com>
Date: Tue, 24 Jan 1995 13:12:44 -0500

    Date: Mon, 23 Jan 1995 15:37:36 -0500
    From: "Perry E. Metzger" <perry@imsi.com>

    Christopher Klaus says:
    > To fully fix the problem will require all the vendors to come out with
    > kernel patches to make the TCP sequence numbering difficult to
    > guess,

    Even that is insufficient, actually. If you see a packet going by, you
    can still try to jam the works up and steal the connection anyway. The
    only permanent solution is a cryptographic security protocol for the
    net -- one is actually in the works now in the IETF.

Morris' paper concludes with this sentence:

  A workable solution might be to only trust hosts on the same
  physical network, and modify gateways to reject packets that claim
  to, but do not in fact, come from directly connected networks.

Your statement as to the ``only permanent solution'' suggests that you
disagree with Morris' hypothesis.

Do you believe that it's possible to use the techniques that are being
discussed to get past a ``two wire'' firewall which ignores internal
packets originating from the external wire?

			Rick
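
Added example, not part of the original message or of Morris' paper: a small sketch of the gateway check described in the quoted sentence, as a ``two wire'' filter would apply it to each packet's arrival interface and claimed source address. The interface names, address ranges and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed topology for a "two wire" gateway (assumed interface names and
# sample address ranges; none of this comes from the original message).
CONNECTED = {
    "inside": [ipaddress.ip_network("10.1.0.0/16")],
    "outside": [ipaddress.ip_network("192.0.2.0/24")],
}


def ingress_verdict(arrival_iface, src, connected=CONNECTED):
    """Return (verdict, reason) for a packet seen on arrival_iface with source src."""
    if arrival_iface not in connected:
        return ("reject", "unknown interface")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("reject", "unparseable source address")
    # Which wire does the source address claim to be directly attached to?
    for iface, nets in connected.items():
        if any(addr in net for net in nets):
            if iface == arrival_iface:
                return ("accept", "source matches arrival wire")
            return ("reject", f"claims {iface} network but arrived on {arrival_iface}")
    # Not a directly connected source: the quoted rule does not cover it,
    # so it is left to whatever other policy the gateway applies.
    return ("accept", "source is not on a directly connected network")


def filter_packets(packets):
    """Apply the check to (iface, src) pairs and return the rejected ones."""
    return [(i, s) for i, s in packets if ingress_verdict(i, s)[0] == "reject"]


# Constructed sample traffic.
SAMPLE = [
    ("inside", "10.1.4.20"),      # genuine internal host
    ("outside", "10.1.4.20"),     # internal address seen on the external wire
    ("outside", "198.51.100.7"),  # remote host, not directly connected
    ("inside", "192.0.2.9"),      # external-wire address seen on the inside
]

if __name__ == "__main__":
    for iface, src in SAMPLE:
        print(iface, src, *ingress_verdict(iface, src))
```

The check only compares the claimed source against the wire the packet arrived on; it says nothing about traffic that is observed and interfered with on a path the gateway does not sit on.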
