[nsp] bgp vulnerability?

BALLA Attila atis at eik.bme.hu
Wed Apr 21 09:05:50 EDT 2004


Hello,

  Would someone explain where the bug/issue is? In the RFC itself or in
the implementation?
Before examining the cited Cisco bugs, I had the feeling that the RST
handling algorithm itself is weak.

  From the bug IDs, I now feel that IOS won't check the SEQ number, so
that not only valid (i.e. in-window) SEQ numbered RSTs can disrupt the
session. Moreover, not only RSTs are harmful, but SYNs as well.

  If only the algorithm in the RFC was weak, how could a vendor fix it?
According to Cisco PSIRT postings there are fixed IOS versions, meaning
the implementation differs from that proposed in the RFC.

Thanks,
  Attila

