[j-nsp] stealth bgp vulnerability?
Devon
devon at noved.org
Tue Apr 20 17:12:00 EDT 2004
Link to draft:
<http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt>
Devon
on 4/20/2004 4:56 PM Devon said the following:
> Paul,
>
> Thanks for the reply. I belive I found the draft. :)
> draft-ietf-tcpm-tcpsecure-00.txt
>
> Devon
>
> on 4/20/2004 3:41 PM Paul Goyette said the following:
>
>>> Is [PSN-2004-04-008] the "secret BGP exploit" that was discussed??
>>
>>
>>
>> Yes
>>
>>
>>
>>> According to the bulletin, software built after March 1, 2004 are not
>>> affected. What did Juniper do? Increase the TCP ISN pool?
>>
>>
>>
>> An Internet draft is/will-soon-be posted describing the changes to the
>> TCP stack. Sorry, I don't have a URL.
>>
>> To activate these changes, configure
>>
>> set system tcp-ack-rst-syn
>>
>> This is a hidden knob so you have to type the whole thing out.
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list