[nsp] bgp vulnerability?

Gert Doering gert at greenie.muc.de
Tue Apr 20 16:41:49 EDT 2004


Hi,

On Tue, Apr 20, 2004 at 04:34:15PM -0400, Dmitry Volkov wrote:
> I'm just wondering - because it's valid RFC 793 behavior,
> how it can be avoided ?
> by not complaining with RFC ?
> If sequence number has to match exactly (but not in the window) - then there
> may be quite often situations when valid Resets will not work

Ignore all RSTs that do not carry a valid MD5 hash.

Make sure that no packets with spoofed source addresses can enter or leave
your network.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
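
The first recommendation above, sketched as receiver-side logic. This is an added example, not part of the original message or any vendor's code: an RST is honoured only if it passes the RFC 793 in-window test and carries a TCP MD5 signature option (RFC 2385, kind 19) that verifies against the session key. Function names, addresses and the key are constructed for illustration, and the TCP checksum is assumed to be verified elsewhere.

```python
import hashlib, hmac, socket, struct

MD5_KIND, MD5_LEN = 19, 18  # TCP MD5 signature option (RFC 2385)

def tcp_md5_digest(src, dst, hdr, payload, key):
    """MD5 over pseudo-header, base header (checksum zeroed, no options), data, key."""
    seg_len = (hdr[12] >> 4) * 4 + len(payload)
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, seg_len)
    base = hdr[:16] + b"\x00\x00" + hdr[18:20]
    return hashlib.md5(pseudo + base + payload + key).digest()

def md5_option(hdr):
    """Return the 16-byte digest carried in option kind 19, or None."""
    opts, i = hdr[20:(hdr[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:          # 0 = end of option list
        if opts[i] == 1:                           # 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                            # malformed option list
        if opts[i] == MD5_KIND and opts[i + 1] == MD5_LEN:
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None

def build_rst(src, dst, sport, dport, seq, key=None):
    """Constructed test segment: a bare RST, signed when a key is given."""
    words = 10 if key else 5                       # header length in 32-bit words
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, words << 4, 0x04, 0, 0, 0)
    if key:
        unsigned = hdr + bytes([MD5_KIND, MD5_LEN]) + bytes(16) + b"\x00\x00"
        hdr = unsigned[:22] + tcp_md5_digest(src, dst, unsigned, b"", key) + unsigned[38:]
    return hdr

def accept_rst(src, dst, hdr, key, rcv_nxt, rcv_wnd):
    """RFC 793 in-window test plus the MD5 requirement from the reply above."""
    seq = struct.unpack("!I", hdr[4:8])[0]
    in_window = (seq - rcv_nxt) % 2**32 < rcv_wnd
    digest = md5_option(hdr)
    signed = digest is not None and hmac.compare_digest(
        digest, tcp_md5_digest(src, dst, hdr, b"", key))
    return in_window and signed
```

With the signature check in place, an unsigned in-window RST is dropped, while a signed RST from the real peer is still accepted anywhere in the window, so the exact-match concern raised in the quoted question does not arise.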

