North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: TCP/BGP vulnerability - easier than you think
On Wed, Apr 21, 2004 at 01:23:54PM +0200, Iljitsch van Beijnum wrote: > > On Wed, 21 Apr 2004, Daniel Roesen wrote: > > > > access-list 123 deny tcp any any eq bgp rst log-input > > > access-list 123 deny tcp any eq bgp any rst log-input > > > > Unfortunately, not all vendors are able to look at the RST bit when > > > filtering... > > > The general ignorance to the fact that SYN works as well is > > astonishing. :-) > > What are you talking about? http://www.uniras.gov.uk/vuls/2004/236929/index.htm First paragraph of the summary: "The issue described in this advisory is the practicability of resetting an established TCP connection by sending suitable TCP packets with the RST (Reset) or SYN (Synchronise) flags set." You can break TCP sessions not only be injecting harmfully crafted RST packets, but also with SYN packets. All talk I see going on is always about harmful RST packets only. Seems like noone realized that the thread is equally intense with SYN packets.