nanog mailing list archives
RE: TCP RST attack (the cause of all that MD5-o-rama)
From: "Michel Py" <michel () arneill-py sacramento ca us>
Date: Wed, 21 Apr 2004 11:38:09 -0700
James wrote: now the question is... would this also affect single-hop bgp sessions? my understanding would be no, as single-hops require ttl set to 1.
Simon Lockhart wrote: All it requires is for the TTL to be 1 (or 0, I can't remember which) when it's received. Just launch your packets with a TTL of the number of hops between you and the victim, and that's that bit sorted...
That's not the way I read it at all. The way I read it is that the TTL of the packet has to be equal or _greater_ than 254 (or 255). Since you can't set the TTL to a value greater than 255 when sending the forged packet, it means that the spoofer sending a packet from 10 hops away will have a TTL of 245 at most, and will be discarded. As nobody has figured out how to prevent the TTL to be decremented by each of the hops on the way, it works. Michel.
Current thread:
- Re: TCP RST attack (the cause of all that MD5-o-rama), (continued)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Patrick W . Gilmore (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Valdis . Kletnieks (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Patrick W . Gilmore (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) E.B. Dreger (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Peter Galbavy (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) E.B. Dreger (Apr 21)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Crist Clark (Apr 21)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Valdis . Kletnieks (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Patrick W . Gilmore (Apr 20)
- Re: TCP RST attack (the cause of all that MD5-o-rama) Patrick W . Gilmore (Apr 21)