From: Calton, Doug (Doug.Calton@getronics.com)
Date: Thu Apr 22 2004 - 08:06:13 GMT-3
Assuming the source addr is being spoofed, how would an ACL help?
Related to this, I have been thinking - how does the use of a stable
source IP (i.e. loopback) affect this vulnerability? I am thinking that
standard best practices regarding spoofing filters can prevent or
minimize spoofing (BGP-targeted or otherwise) between ebgp sessions on
WAN links to peers, if the WAN IP is used to establish the session and
isolated subnets were used. iBGP sessions would be harder to prevent,
assuming use of a loopback source IP and potential for broadcast media.
Thoughts?
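An added example, not code from anyone in this thread or from any router vendor, of the mechanism that does hold up where an address-based ACL cannot distinguish a spoofed RST from the peer's own: the TCP MD5 Signature Option (RFC 2385) that Ian mentions below. Every segment carries an MD5 digest over the IP pseudo-header, the TCP header, the payload and a shared key, so a RST forged with the peer's source address, the right ports and even the exact sequence number is dropped when its digest does not verify. Addresses (documentation ranges), ports, the sequence number and the key are constructed; TCP checksums are left at zero because the digest is defined over a zero-checksum header anyway. RFC 2385 is a plain key-appended MD5 construction, which is why TCP-AO (RFC 5925) later replaced it, but the property demonstrated here is the same.

```python
"""RFC 2385 TCP MD5 Signature Option: the check that survives a spoofed source.

Added example, not code from this thread, Cisco, or any BGP implementation.
Addresses, ports, sequence number and key are constructed. The TCP checksum
is left at zero: a real stack fills it in after signing.
"""
import hashlib
import hmac
import socket
import struct

MD5_OPT_KIND = 19   # TCP option kind for the MD5 signature (RFC 2385)
MD5_OPT_LEN = 18    # kind + length + 16-byte digest
FLAG_RST = 0x04


def pseudo_header(src_ip, dst_ip, seg_len):
    """IPv4 pseudo-header shared by the TCP checksum and RFC 2385:
    src, dst, zero byte, protocol 6, TCP length (header + options + data)."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, seg_len))


def tcp_md5_digest(src_ip, dst_ip, segment, key):
    """MD5 over: pseudo-header, the fixed 20-byte TCP header with checksum
    zeroed and options excluded, the payload, then the key (RFC 2385 s.2)."""
    data_offset = (segment[12] >> 4) * 4
    fixed = bytearray(segment[:20])
    fixed[16:18] = b"\x00\x00"
    md = hashlib.md5()
    md.update(pseudo_header(src_ip, dst_ip, len(segment)))
    md.update(bytes(fixed))
    md.update(segment[data_offset:])   # payload only; options are skipped
    md.update(key)
    return md.digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                  payload=b"", key=None):
    """Serialize a TCP segment; with a key, carry a signed MD5 option."""
    options = b""
    if key is not None:
        # kind, len, 16 digest bytes (filled below), two NOPs to pad to 20
        options = bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + b"\x00" * 16 + b"\x01\x01"
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         data_offset << 4, flags, window, 0, 0)
    segment = header + options + payload
    if key is not None:
        digest = tcp_md5_digest(src_ip, dst_ip, segment, key)
        segment = segment[:22] + digest + segment[38:]
    return segment


def find_md5_option(segment):
    """Walk the options area and return the 16-byte digest, or None."""
    data_offset = (segment[12] >> 4) * 4
    i = 20
    while i + 1 < data_offset:
        kind = segment[i]
        if kind == 0:               # end of option list
            return None
        if kind == 1:               # NOP
            i += 1
            continue
        length = segment[i + 1]
        if length < 2:              # malformed option
            return None
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN and i + length <= data_offset:
            return segment[i + 2:i + 18]
        i += length
    return None


def accept_segment(src_ip, dst_ip, segment, key):
    """Receiver policy once MD5 is configured for the peer: no option, or a
    digest that does not match, means the segment is dropped (RFC 2385 s.3)."""
    received = find_md5_option(segment)
    if received is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, segment, key)
    return hmac.compare_digest(received, expected)


# Constructed scenario: eBGP peers in documentation ranges; the RST arrives at
# the local router's ephemeral port from the peer's port 179.
PEER, LOCAL = "192.0.2.1", "198.51.100.1"
KEY = b"bgp-s3cret"           # constructed shared secret
RCV_NXT = 1_000_000_000       # the receiver's expected next sequence number


def legit_rst():
    return build_segment(PEER, LOCAL, 179, 40001, RCV_NXT, 0, FLAG_RST, 16384, key=KEY)


def spoofed_rst_no_key():
    # Attacker spoofs PEER's address and even hits the exact sequence number.
    return build_segment(PEER, LOCAL, 179, 40001, RCV_NXT, 0, FLAG_RST, 16384)


def edited_rst():
    # Attacker captured the signed RST and rewrites its sequence number.
    seg = bytearray(legit_rst())
    seg[4:8] = struct.pack("!I", RCV_NXT + 100)
    return bytes(seg)


if __name__ == "__main__":
    for name, seg in (("legitimate", legit_rst()), ("spoofed, no option", spoofed_rst_no_key()),
                      ("captured, seq edited", edited_rst())):
        print(f"{name:22s} accepted={accept_segment(PEER, LOCAL, seg, KEY)}")
```

The digest covers the source and destination addresses through the pseudo-header, so it also pins the segment to the specific peer pair; a spoofed source with no key fails the same way as an edited sequence number. Note that this is a check on each segment the receiver gets, so it protects the session whether the source is filtered at the edge or not, which is the property an ACL on port 179 alone cannot give.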
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of istong@stong.org
Sent: Thursday, April 22, 2004 6:28 AM
To: ccie; Armand D; ccielab@groupstudy.com
Subject: Re: Transmission Control Protocol (TCP) vulnerability!
From what I can tell this is not really a new vulnerability. This has
been an issue for a long time and the mitigation steps have been
recommended for almost as long. It seems the real interest in this
vulnerability now stems from the finding that you don't have to know the
exact sequence number (a 1/2 to the 32nd chance) but instead just need
to be within a window of the correct sequence number.
Having said that there are various methods to address the possible
threat of someone interrupting your BGP sessions by sending RST or SYN
packets. One method is to use MD5 authentication on your peers.
Another method (or in conjunction) is to use ACLs to block TCP port 179 down to specific
source/destination peers. Lastly you may also want to look into best
business practices such as AS filtering and prefix filtering, etc.
Ian
http://www.CCIE4U.com
High End Rack Rentals with IOS 12.2T starting at only $20
> ----- Original Message -----
> From: "Armand D" <ciscoworks2001@yahoo.com>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, April 21, 2004 8:50 PM
> Subject: Transmission Control Protocol (TCP) vulnerability ???
>
> > Hi,
> >
> > I'm wondering what anyone thinks about the latest vulnerability
> > (TCP) specification ? What precautions are people taking if any at
> > this point ?
> >
> > Thanks,
> >
> > Armand
> >
> >
> > http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
> >
> >
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:52 GMT-3