[j-nsp] stealth bgp vulnerability?

Hank Nussbacher hank at mail.iucc.ac.il
Wed Apr 21 02:26:19 EDT 2004


At 12:41 PM 20-04-04 -0700, Paul Goyette wrote:
> >Is [PSN-2004-04-008] the "secret BGP exploit" that was discussed??
>
>Yes
>
>
> >According to the bulletin, software built after March 1, 2004 is not
> >affected. What did Juniper do? Increase the TCP ISN pool?
>
>An Internet draft is/will-soon-be posted describing the changes to the
>TCP stack.  Sorry, I don't have a URL.

You mean:
http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt

-Hank


>To activate these changes, configure
>
>         set system tcp-ack-rst-syn
>
>This is a hidden knob so you have to type the whole thing out.
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp


