[nsp-sec] Potential TCP / IP vulnerabilities announcedmidOctober - Outpost24 interview
Florian Weimer
fweimer at bfk.de
Wed Oct 1 11:53:56 EDT 2008
* Eronen Juhani:
> Outpost24 contacted us at CERT-FI to coordinate fixing this flaw.
> Unfortunately they also chose to present on the issues all the
> same. In many senses the issue has a certain Kaminsky-ring to
> it. Their attack draws on known issues, and the question here really
> is if the attack has anything new and significant to contribute. We
> are still in the process of determining this.
I would look at the tcpm mailing list. Several unfixed TCP
vulnerabilities have been raised there over the years. It's a huge
pile of unstructured information, though.
> We would like to hear more on these types of mitigations for
> existing attacks.
And we would like to hear more about their work (particularly speaking
with my spare-time vendor hat).
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the nsp-security
mailing list