[j-nsp] stealth bgp vulnerability?

Devon devon at noved.org
Tue Apr 20 16:56:09 EDT 2004


Paul,

Thanks for the reply. I belive I found the draft. :) 
draft-ietf-tcpm-tcpsecure-00.txt

Devon

on 4/20/2004 3:41 PM Paul Goyette said the following:

>>Is [PSN-2004-04-008] the "secret BGP exploit" that was discussed??
> 
> 
> Yes
> 
> 
> 
>>According to the bulletin, software built after March 1, 2004 are not 
>>affected. What did Juniper do? Increase the TCP ISN pool?
> 
> 
> An Internet draft is/will-soon-be posted describing the changes to the
> TCP stack.  Sorry, I don't have a URL.
> 
> To activate these changes, configure
> 
> 	set system tcp-ack-rst-syn
> 
> This is a hidden knob so you have to type the whole thing out.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list