[j-nsp] stealth bgp vulnerability?

Devon devon at noved.org
Tue Apr 20 17:12:00 EDT 2004


Link to draft:

<http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt>

Devon

on 4/20/2004 4:56 PM Devon said the following:

> Paul,
> 
> Thanks for the reply. I belive I found the draft. :) 
> draft-ietf-tcpm-tcpsecure-00.txt
> 
> Devon
> 
> on 4/20/2004 3:41 PM Paul Goyette said the following:
> 
>>> Is [PSN-2004-04-008] the "secret BGP exploit" that was discussed??
>>
>>
>>
>> Yes
>>
>>
>>
>>> According to the bulletin, software built after March 1, 2004 are not 
>>> affected. What did Juniper do? Increase the TCP ISN pool?
>>
>>
>>
>> An Internet draft is/will-soon-be posted describing the changes to the
>> TCP stack.  Sorry, I don't have a URL.
>>
>> To activate these changes, configure
>>
>>     set system tcp-ack-rst-syn
>>
>> This is a hidden knob so you have to type the whole thing out.
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list