[nsp] bgp vulnerability?

Dmitry Volkov dmitry.volkov at rogers.com
Tue Apr 20 16:34:15 EDT 2004


I'm just wondering - because it's valid RFC 793 behavior,
how can it be avoided?
By not complying with the RFC?
If the sequence number has to match exactly (but not in the window), then there
may quite often be situations when valid Resets will not work.

Am I wrong here?

Reset Processing

  In all states except SYN-SENT, all reset (RST) segments are validated
  by checking their SEQ-fields.  A reset is valid if its sequence number
  is in the window.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Steve Francis
> Sent: Tuesday, April 20, 2004 3:54 PM
> To: Don Bowman
> Cc: 'cisco-nsp at puck.nether.net'
> Subject: Re: [nsp] bgp vulnerability?
>
>
> Don Bowman wrote:
>
> >Anyone have any details on this?
> >
> >
> http://www.uniras.gov.uk/vuls/2004/236929/index.htm
>
> >http://story.news.yahoo.com/news?tmpl=story&cid=528&e=1&u=/ap/20040420/ap_on_hi_te/internet_threat
>
>from the wording it sounds like it is BGP they are talking
>about, and faking a reset by guessing the sequence number
>to be in window.
>
>I know cisco has a MD5 option (RFC2385,
>Protection of BGP Sessions via the TCP MD5 Signature Option)
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
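
Added example, not part of the original thread: a C sketch of the RFC 793 in-window RST check quoted above, next to the exact-match rule the post asks about in the form RFC 5961 (not cited in the thread) later specified, where an in-window but inexact RST is answered with a challenge ACK so a genuine peer can still reset. Function names and the sample connection state are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* What the receiver does with an incoming RST on a synchronized connection. */
enum rst_action { RST_DROP, RST_RESET, RST_CHALLENGE_ACK };
typedef enum rst_action (*rst_policy)(uint32_t, uint32_t, uint32_t);

/* RFC 793 acceptability test for a zero-length segment, modulo 2^32:
 * RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND (only SEG.SEQ == RCV.NXT if window is 0). */
static int seq_in_window(uint32_t seg_seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (rcv_wnd == 0)
        return seg_seq == rcv_nxt;
    return (uint32_t)(seg_seq - rcv_nxt) < rcv_wnd; /* unsigned wrap handles rollover */
}

/* RFC 793 rule quoted in the post: any in-window RST tears the connection down. */
enum rst_action rst_rfc793(uint32_t seg_seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return seq_in_window(seg_seq, rcv_nxt, rcv_wnd) ? RST_RESET : RST_DROP;
}

/* RFC 5961 rule: exact match resets; in-window but inexact gets a challenge ACK,
 * which a genuine peer answers with an RST carrying the exact sequence number. */
enum rst_action rst_rfc5961(uint32_t seg_seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (!seq_in_window(seg_seq, rcv_nxt, rcv_wnd))
        return RST_DROP;
    return seg_seq == rcv_nxt ? RST_RESET : RST_CHALLENGE_ACK;
}

/* Count how many of n consecutive sequence values from `first` reset the session. */
uint32_t count_resets(rst_policy policy, uint32_t rcv_nxt, uint32_t rcv_wnd,
                      uint32_t first, uint32_t n)
{
    uint32_t hits = 0;
    for (uint32_t i = 0; i < n; i++)
        hits += policy(first + i, rcv_nxt, rcv_wnd) == RST_RESET;
    return hits;
}

int main(void)
{
    /* Constructed sample state: receiver close to sequence rollover, 16 KiB window. */
    uint32_t rcv_nxt = 0xFFFFFF00u, rcv_wnd = 16384;
    uint32_t first = rcv_nxt - 100, n = rcv_wnd + 200; /* range spans the window */
    printf("values that reset: rfc793=%u rfc5961=%u\n",
           (unsigned)count_resets(rst_rfc793, rcv_nxt, rcv_wnd, first, n),
           (unsigned)count_resets(rst_rfc5961, rcv_nxt, rcv_wnd, first, n));
    return 0;
}
```
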
