[j-nsp] stealth bgp vulnerability?
Devon
devon at noved.org
Tue Apr 20 16:56:09 EDT 2004
Paul,
Thanks for the reply. I belive I found the draft. :)
draft-ietf-tcpm-tcpsecure-00.txt
Devon
on 4/20/2004 3:41 PM Paul Goyette said the following:
>>Is [PSN-2004-04-008] the "secret BGP exploit" that was discussed??
>
>
> Yes
>
>
>
>>According to the bulletin, software built after March 1, 2004 are not
>>affected. What did Juniper do? Increase the TCP ISN pool?
>
>
> An Internet draft is/will-soon-be posted describing the changes to the
> TCP stack. Sorry, I don't have a URL.
>
> To activate these changes, configure
>
> set system tcp-ack-rst-syn
>
> This is a hidden knob so you have to type the whole thing out.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list