Full Disclosure mailing list archives
Re: Core Internet Vulnerable - News at 11:00
From: "Exibar" <exibar () thelair com>
Date: Tue, 20 Apr 2004 15:37:03 -0400
Looks like this is the same thing: NISCC Vulnerability Advisory 236929 Vulnerability Issues in TCP Version Information Advisory Reference 236929 Release Date 20 April 2004 Last Revision 20 April 2004 Version Number 1.0 What is Affected? The vulnerability described in this advisory affects implementations of the Transmission Control Protocol (TCP) that comply with the Internet Engineering Task Force.s (IETF.s) Requests For Comments (RFCs) for TCP, including RFC 793, the original specification, and RFC 1323, TCP Extensions for High Performance. TCP is a core network protocol used in the majority of networked computer systems today. Many vendors include support for this protocol in their products and may be impacted to varying degrees. Furthermore any network service or application that relies on a TCP connection will also be impacted, the severity depending primarily on the duration of the TCP session. Full Advisory http://www.uniras.gov.uk/vuls/2004/236929/index.htm ----- Original Message ----- From: "Crist J. Clark" <cristjc () comcast net> To: <full-disclosure () lists netsys com> Sent: Tuesday, April 20, 2004 1:28 PM Subject: [Full-disclosure] Core Internet Vulnerable - News at 11:00
Does anyone know WTF they are trying to say in this AP article, "Core Internet Technology Is Vulnerable,"
http://story.news.yahoo.com/news?tmpl=story&cid=562&ncid=738&e=1&u=/ap/20040420/ap_on_hi_te/internet_threat
It sounds like they are talking about a sequence number guessing attack on TCP BGP sessions? Sequence number prediction isn't really a new attack, but the story says, "Experts previously maintained such attacks could take between four years and 142 years to succeed because they require guessing a rotating number from roughly 4 billion possible combinations. Watson said he can guess the proper number with as few as four attempts, which can be accomplished within seconds." Hmmm... Four attempts... And the story makes it sound like a cross-platform attack, not a bug in a particular OS's ISN generation. FUD or is there something here? -- Crist J. Clark | cjclark () alum mit edu | cjclark () jhu edu http://people.freebsd.org/~cjc/ | cjc () freebsd org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Core Internet Vulnerable - News at 11:00 Crist J. Clark (Apr 20)
- RE: Core Internet Vulnerable - News at 11:00 Dave D. Cawley (Apr 20)
- RE: Core Internet Vulnerable - News at 11:00 Frank Knobbe (Apr 20)
- Re: Core Internet Vulnerable - News at 11:00 Michal Zalewski (Apr 20)
- Re: Core Internet Vulnerable - News at 11:00 Exibar (Apr 20)
- RE: Core Internet Vulnerable - News at 11:00 Alerta Redsegura (Apr 20)
- RE: Core Internet Vulnerable - News at 11:00 Jade E. Deane (Apr 20)
- Re: Core Internet Vulnerable - News at 11:00 Alexander Bochmann (Apr 21)
- Re: Core Internet Vulnerable - News at 11:00 Pavel Kankovsky (Apr 20)
- RE: Core Internet Vulnerable - News at 11:00 Dave D. Cawley (Apr 20)
- Re: Core Internet Vulnerable - News at 11:00 Exibar (Apr 20)
- Re: Core Internet Vulnerable - News at 11:00 james (Apr 20)
- Re: Core Internet Vulnerable - News at 11:00 Michael Schaefer (Apr 20)
- NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP (was Re: [Full-Disclosure] Core Internet Vulnerable - News at 11:00) Chris McCulloh (Apr 20)
- Re: Core Internet Vulnerable - News at 11:00 Gregory A. Gilliss (Apr 20)
- <Possible follow-ups>
- RE: Core Internet Vulnerable - News at 11:00 David Vincent (Apr 20)
- RE: Core Internet Vulnerable - News at 11:00 Compton, Rich (Apr 20)
- RE: Core Internet Vulnerable - News at 11:00 SturmM (Apr 20)
- RE: Core Internet Vulnerable - News at 11:00 Jos Osborne (Apr 21)