Firewall Wizards mailing list archives

RE: BGP TCP RST Attacks (was: Cisco PIX vulnerable to TCP RST DOS attacks)


From: MHawkins () TULLIB COM
Date: Thu, 6 May 2004 11:09:00 -0400

It took one of our junior engineers about half an hour to call our four
ISP's and organize a night time change to our four Internet routers to use
an MD5 hash for BGP peering.

Half an hour to organize plus half an hour to make the changes.

Time well spent for a little peace of mind.

Mike H

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Henning
Brauer
Sent: Thursday, May 06, 2004 7:35 AM
To: Josh Welch
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] BGP TCP RST Attacks (was: Cisco PIX vulnerable to
TCP RST DOS attacks)


* Josh Welch <jwelch () buffalowildwings com> [2004-05-05 18:45]:
Mikael Olsson said:
<snip>
I still believe that the #1 impact of this vulnerability, as seen in an
Internet-wide perspective, is killing BGP sessions in core routers.
Do it a few times to trigger route flap detection, and you'll isolate
large chunks of the net from each other, or, worst case, from the rest
of the Internet.
The advisories I have seen have made this same statement. However,
according to another list I read there are a number of network operators
who feel this is not a real threat. A number of them hold that it would be
excessively challenging to be able to match up the source-ip:source-port
and dest-ip:dest-port and effectively reset a BGP session without
generating a large volume of traffic, which should be noticed in and of
itself.

hilarious.
please think about it for a minute:
-one port (179) is known
-the other is to be guessed, which is trivial with cisco equipment
-due to their large window size and extremely poor ISNs, guessing
 a sequence number within the window is also rather easy

large volume of traffic? not at all.

-- 
Henning Brauer, BS Web Services, http://bsws.de
hb () bsws de - henning () openbsd org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
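Worked example, added here and not part of the thread or of any vendor's code, tying Mike's fix to Henning's point. It implements the TCP MD5 signature option (RFC 2385) that a BGP "MD5 password" on the peering enables, and the receiver-side check that goes with it: a segment is accepted only if it carries option kind 19 with a digest over the IP pseudo-header, the TCP header (options excluded, checksum zero), the data and the shared key. A forged RST that gets the 4-tuple right and lands inside the receive window passes the plain RFC 793 window test that is all an unprotected session has, but fails the signature check. The addresses (documentation prefixes), ports, key, window values and keepalive payload are constructed; the TCP checksum is left at zero because it is excluded from the digest and not needed offline.

```python
"""RFC 2385 TCP MD5 signature option: build, parse and verify (added example)."""
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
TCP_RST, TCP_ACK = 0x04, 0x10
OPT_EOL, OPT_NOP, OPT_MD5 = 0, 1, 19
MD5_OPT_LEN = 18                       # kind(1) + len(1) + digest(16)
SIGNED_OPTIONS_LEN = MD5_OPT_LEN + 2   # two NOPs keep the header 32-bit aligned
BASE_HDR_LEN = 20
HDR_FMT = "!HHIIHHHH"                  # sport, dport, seq, ack, off/flags, win, csum, urg


def tcp_md5_digest(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                   payload, key, options_len):
    """RFC 2385 section 2: MD5 over pseudo-header, option-less TCP header with
    checksum zero, the segment data, and finally the connection key."""
    total_len = BASE_HDR_LEN + options_len + len(payload)   # includes options
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, total_len))
    data_offset = (BASE_HDR_LEN + options_len) // 4
    hdr = struct.pack(HDR_FMT, sport, dport, seq, ack,
                      (data_offset << 12) | (flags & 0x1FF), window, 0, 0)
    m = hashlib.md5()
    for part in (pseudo, hdr, payload, key):
        m.update(part)
    return m.digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                  payload=b"", key=None):
    """Build a TCP segment; with a key, append option 19 plus NOP padding."""
    options = b""
    if key is not None:
        digest = tcp_md5_digest(src_ip, dst_ip, sport, dport, seq, ack, flags,
                                window, payload, key, SIGNED_OPTIONS_LEN)
        options = bytes([OPT_MD5, MD5_OPT_LEN]) + digest + bytes([OPT_NOP, OPT_NOP])
    data_offset = (BASE_HDR_LEN + len(options)) // 4
    hdr = struct.pack(HDR_FMT, sport, dport, seq, ack,
                      (data_offset << 12) | (flags & 0x1FF), window, 0, 0)
    return hdr + options + payload


def find_md5_option(segment):
    """Walk the option list; return the 16-byte digest from kind 19, or None."""
    data_offset = (struct.unpack_from(HDR_FMT, segment)[4] >> 12) * 4
    i = BASE_HDR_LEN
    while i < data_offset:
        kind = segment[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= data_offset or segment[i + 1] < 2:
            break                       # malformed option, stop parsing
        length = segment[i + 1]
        if kind == OPT_MD5 and length == MD5_OPT_LEN:
            return segment[i + 2:i + MD5_OPT_LEN]
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver check on an MD5-protected session: option present and digest
    matches what we compute with our copy of the key (constant-time compare)."""
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack_from(HDR_FMT, segment)
    data_offset = (off_flags >> 12) * 4
    received = find_md5_option(segment)
    if received is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, sport, dport, seq, ack,
                              off_flags & 0x1FF, window, segment[data_offset:],
                              key, data_offset - BASE_HDR_LEN)
    return hmac.compare_digest(received, expected)


def seq_in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptance test for a zero-length segment: the only hurdle a
    RST faces on a session that has no signature option configured."""
    return (seq - rcv_nxt) % (1 << 32) < rcv_wnd


# Constructed peering: peer 192.0.2.1:179 <-> local 198.51.100.1:40000.
PEER_IP, LOCAL_IP, PEER_PORT, LOCAL_PORT = "192.0.2.1", "198.51.100.1", 179, 40000
KEY = b"example-bgp-key"            # constructed; the real one lives in the router config
RCV_NXT, RCV_WND = 0x10000000, 16384


def demo():
    # Genuine keepalive from the peer: 16 marker bytes, length 19, type 4 (constructed).
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)
    good = build_segment(PEER_IP, LOCAL_IP, PEER_PORT, LOCAL_PORT, RCV_NXT,
                         0x20000000, TCP_ACK, 16384, keepalive, key=KEY)
    # RSTs with the correct 4-tuple and an in-window sequence number, but no key / wrong key.
    rst_unsigned = build_segment(PEER_IP, LOCAL_IP, PEER_PORT, LOCAL_PORT,
                                 RCV_NXT + 100, 0, TCP_RST, 0)
    rst_wrong_key = build_segment(PEER_IP, LOCAL_IP, PEER_PORT, LOCAL_PORT,
                                  RCV_NXT + 100, 0, TCP_RST, 0, key=b"guess")
    return {
        "genuine_verifies": verify_segment(PEER_IP, LOCAL_IP, good, KEY),
        "rst_passes_plain_window_test": seq_in_window(RCV_NXT + 100, RCV_NXT, RCV_WND),
        "rst_unsigned_verifies": verify_segment(PEER_IP, LOCAL_IP, rst_unsigned, KEY),
        "rst_wrong_key_verifies": verify_segment(PEER_IP, LOCAL_IP, rst_wrong_key, KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The contrast is the point: the in-window RST is accepted by the RFC 793 rule alone, so window size and port predictability decide the cost of the attack on an unprotected session, whereas with the signature option the receiver drops any segment that lacks a digest computed with the peering key, regardless of sequence number. The option is only as good as the key and its handling (it is a shared secret, and RFC 2385 gives no rekeying mechanism), so the peers Mike's engineer coordinated with have to manage key changes out of band.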