North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: TCP/BGP vulnerability - easier than you think
On Wed, Apr 21, 2004 at 02:10:05PM +0200, Iljitsch van Beijnum wrote: > > "The issue described in this advisory is the practicability of > > resetting an established TCP connection by sending suitable TCP > > packets with the RST (Reset) or SYN (Synchronise) flags set." > > And: > > "It is also possible to perform the same attack with SYN (synchronise) > packets. An established connection will abort by sending a RST if it > receives a duplicate SYN packet with initial sequence number within the > TCP window." > > So the attacker sends a spoofed SYN to router A, and router A sends an > RST to router B and router B terminates the BGP session. Correct. > The good part here is that filtering RSTs should still work. It doesn't. The RST are then being sent by the authorized sender and your edge anti-spoof filtering for RST doesn't help a single millimeter.