[nsp] bgp vulnerability?

Piotr Marecki p.marecki at swiat.pl
Tue Apr 20 16:38:19 EDT 2004


----- Original Message ----- 
From: "Dmitry Volkov" <dmitry.volkov at rogers.com>
To: "'Steve Francis'" <steve at expertcity.com>; "'Don Bowman'"
<don at sandvine.com>
Cc: <cisco-nsp at puck.nether.net>
Sent: Tuesday, April 20, 2004 10:34 PM
Subject: RE: [nsp] bgp vulnerability?


> I'm just wondering - because it's valid RFC 793 behavior,
> how can it be avoided?
> By not complying with the RFC?
> If the sequence number has to match exactly (but not in the window) - then
> there may quite often be situations when valid Resets will not work.
>
> Am I wrong here ?
>
>

Proposed changes are in
http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt ,
especially:

   A) If the RST bit is set and the sequence number is outside the
      expected window, silently drop the segment.
   B) If the RST bit is exactly the next expected sequence number, reset
      the connection.
   C) If the RST bit is set and the sequence number does not exactly
      match the next expected sequence value, yet is within the
      acceptable window (RCV.NXT < SEG.SEQ <= RCV.NXT+RCV.WND) send an
      acknowledgment.


Moreover, let's not forget that of [(src,port) and (dst,port)] at
least one value also has to be guessed (port), which
expands the space a little bit more.

regards

Piotr Marecki
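
The RST rules A) to C) quoted in the message above, next to the RFC 793 in-window check they replace, as an added example (not code from the draft, the poster, or any TCP stack). The function and enum names are hypothetical; the window bounds for rule C follow the expression as quoted in the message.

```c
#include <stdint.h>
#include <stdio.h>

/* Receiver reactions to a segment with the RST bit set (names are hypothetical). */
enum rst_action { RST_DROP, RST_RESET, RST_SEND_ACK };

/* Distance of seg_seq ahead of rcv_nxt in 32-bit sequence space.
 * Unsigned subtraction wraps modulo 2^32, so the result stays correct
 * when the window straddles the 0xFFFFFFFF -> 0 boundary. */
static uint32_t seq_offset(uint32_t rcv_nxt, uint32_t seg_seq)
{
    return seg_seq - rcv_nxt;
}

/* RFC 793 behavior: a RST is honored when
 * RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND (with a zero window, only
 * SEG.SEQ == RCV.NXT is acceptable). Returns 1 if the connection resets. */
int rfc793_rst_resets(uint32_t rcv_nxt, uint32_t rcv_wnd, uint32_t seg_seq)
{
    uint32_t off = seq_offset(rcv_nxt, seg_seq);
    if (rcv_wnd == 0)
        return off == 0;
    return off < rcv_wnd;
}

/* Rules A-C as quoted in the message. */
enum rst_action tcpsecure_rst_action(uint32_t rcv_nxt, uint32_t rcv_wnd,
                                     uint32_t seg_seq)
{
    uint32_t off = seq_offset(rcv_nxt, seg_seq);
    if (off == 0)
        return RST_RESET;      /* B: exactly the next expected sequence number */
    if (off <= rcv_wnd)
        return RST_SEND_ACK;   /* C: RCV.NXT < SEG.SEQ <= RCV.NXT+RCV.WND */
    return RST_DROP;           /* A: outside the window, silently drop */
}

int main(void)
{
    /* Constructed sample state: RCV.NXT = 1000, RCV.WND = 16384. */
    uint32_t nxt = 1000, wnd = 16384;
    uint32_t probes[] = { 999, 1000, 1001, 1000 + 16384, 1000 + 16385 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("seq=%u rfc793_resets=%d tcpsecure_action=%d\n",
               (unsigned)probes[i], rfc793_rst_resets(nxt, wnd, probes[i]),
               (int)tcpsecure_rst_action(nxt, wnd, probes[i]));
    return 0;
}
```
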


