RE: Transmission Control Protocol (TCP) vulnerability ???

From: Paul Borghese (pborghese@groupstudy.com)
Date: Wed Apr 21 2004 - 15:43:18 GMT-3


I have been studying the vulnerability with relation to how it affects
BGP sessions. In a nutshell, the hacker sends a TCP RST message thus
terminating the BGP neighbor relationship. This causes the routes to be
removed from the BGP table. Do this a few times and (assuming you have
route dampening enabled) the routes are placed in a dampened state. The
hacker must guess the TCP Sequence number (or be close based upon the
windowing size).

Cisco's workaround is to simply use BGP authentication. While I do not
doubt Cisco has tested this and it works, I do not understand why it
will work. BGP is transported as data that rides over TCP/IP (port
179). Why would authenticating application layer data prevent the TCP
session from being reset? The authentication is taking place at a
higher layer than layer 4.

Any opinions? Howard?

Take care,

Paul Borghese

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Armand D
Sent: Wednesday, April 21, 2004 1:51 PM
To: ccielab@groupstudy.com
Subject: Transmission Control Protocol (TCP) vulnerability ???

Hi,

I'm wondering what anyone thinks about the latest
vulnerability (TCP) specification? What precautions
are people taking if any at this point?

Thanks,

Armand

http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
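
Added note on the layering question raised in the reply above: BGP neighbor authentication on Cisco routers is the TCP MD5 Signature Option (RFC 2385), which is carried in the TCP header and checked by the receiving TCP stack, so a segment (a RST included) without a valid digest is discarded at layer 4. The Python sketch below is an added example, not part of the original thread or any vendor's code; the function names are hypothetical and the addresses, ports, key and sequence numbers are constructed.

```python
import hashlib
import hmac
import socket
import struct

TCP_RST, TCP_ACK = 0x04, 0x10
OPTIONS_LEN = 20  # 18-byte MD5 option (kind 19) plus 2 bytes of padding

def tcp_header(sport, dport, seq, ack, flags, window):
    """Fixed 20-byte TCP header, checksum zeroed as RFC 2385 requires for hashing."""
    offset_words = (20 + OPTIONS_LEN) // 4
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (offset_words << 12) | flags, window, 0, 0)

def md5_signature(src, dst, header, payload, key):
    """RFC 2385 digest: pseudo-header, header without options, data, then key."""
    seg_len = len(header) + OPTIONS_LEN + len(payload)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + header + payload + key).digest()

def accept_segment(src, dst, header, payload, digest, key):
    """Receiving TCP stack: discard a segment whose digest is absent or wrong."""
    if digest is None:
        return False
    expected = md5_signature(src, dst, header, payload, key)
    return hmac.compare_digest(expected, digest)

# Constructed sample values: documentation addresses, made-up key and sequence numbers.
KEY = b"example-bgp-secret"
A, B = "192.0.2.1", "192.0.2.2"

def demo():
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)  # BGP KEEPALIVE message
    data_hdr = tcp_header(179, 40000, 1000, 2000, TCP_ACK, 16384)
    rst_hdr = tcp_header(179, 40000, 1005, 0, TCP_RST, 0)  # sequence number in window
    wrong = md5_signature(A, B, rst_hdr, b"", b"wrong-guess")
    right = md5_signature(A, B, rst_hdr, b"", KEY)
    return {
        "keepalive_signed": accept_segment(
            A, B, data_hdr, keepalive, md5_signature(A, B, data_hdr, keepalive, KEY), KEY),
        "rst_without_option": accept_segment(A, B, rst_hdr, b"", None, KEY),
        "rst_wrong_key": accept_segment(A, B, rst_hdr, b"", wrong, KEY),
        "rst_correct_key": accept_segment(A, B, rst_hdr, b"", right, KEY),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'dropped'}")
```

Only the segments signed with the shared key are accepted; the RST with an in-window sequence number is dropped both when it carries no option and when it is signed with a different key.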




This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:51 GMT-3