Re: Transmission Control Protocol (TCP) vulnerability!

From: istong@stong.org
Date: Thu Apr 22 2004 - 07:27:51 GMT-3


From what I can tell this is not really a new vulnerability.
This has been an issue for a long time and the mitigation
steps have been recommended for almost as long. It seems
the real interest in this vulnerability now stems from the
finding that you don't have to know the exact sequence
number (a 1/2 to the 32nd chance) but instead just need to
be within a window of the correct sequence number.

Having said that, there are various methods to address the
possible threat of someone interrupting your BGP sessions by
sending RST or SYN packets. One method is to use MD5
authentication on your peers. Another method (or in
conjunction) is to use ACLs to block TCP port 179 down to
specific source/destination peers. Lastly, you may also want
to look into best business practices such as AS filtering
and prefix filtering, etc.

Ian


> ----- Original Message -----
> From: "Armand D" <ciscoworks2001@yahoo.com>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, April 21, 2004 8:50 PM
> Subject: Transmission Control Protocol (TCP) vulnerability ???
>
>
> > Hi,
> >
> > I'm wondering what anyone thinks about the latest
> > vulnerability (TCP) specification? What precautions
> > are people taking, if any, at this point?
> >
> > Thanks,
> >
> > Armand
> >
> >
> > http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
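The two mitigations named in the reply above (MD5 authentication on the peer and an ACL limiting TCP port 179 to specific peers), sketched as a Cisco IOS configuration. This is an added example, not part of the original post. The addresses (192.0.2.1 local, 192.0.2.2 peer), AS numbers, ACL name, interface name and password placeholder are all assumptions made up for illustration.

```cisco
! Constructed example: local router 192.0.2.1 (AS 64500),
! eBGP peer 192.0.2.2 (AS 64501). All values are placeholders.
router bgp 64500
 neighbor 192.0.2.2 remote-as 64501
 ! TCP MD5 signature option (RFC 2385). The same secret must be
 ! configured on the peer or the session will not establish.
 neighbor 192.0.2.2 password <shared-secret-placeholder>
!
ip access-list extended BGP-PEERS
 ! Session opened by the peer (destination port 179 on this router)
 permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp
 ! Return traffic for a session opened by this router (source port 179)
 permit tcp host 192.0.2.2 eq bgp host 192.0.2.1
 ! Any other host talking to or from port 179 on this router is dropped
 deny tcp any host 192.0.2.1 eq bgp
 deny tcp any eq bgp host 192.0.2.1
 ! Leave all other traffic untouched (assumes no other policy on this link)
 permit ip any any
!
! Apply inbound on the interface facing the peer (interface name assumed)
interface GigabitEthernet0/0
 ip access-group BGP-PEERS in
```

The ACL only narrows who can reach port 179 by source address, so a segment carrying the peer's address as a spoofed source still passes it. The MD5 option is what causes such segments, RST and SYN included, to be discarded when they lack a valid signature.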



This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:52 GMT-3