nanog mailing list archives
Re: TCP/BGP vulnerability - easier than you think
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Fri, 23 Apr 2004 12:13:33 +0200
On 23-apr-04, at 12:03, Florian Weimer wrote:
BTW, anyone seen anything supporting Paul Watson's claim that all it takes to break a session is four packets?
Where does he claim that?
In several news stories, such as http://www.wired.com/news/technology/0,1282,63143,00.html? tw=wn_tophead_2
I've browsed his paper and the packet numbers he gives are higher.
Do you have a link? I haven't been able to find it so far.
Either this issue has been wildly exaggerated, or Paul Watson's paper is not the whole story.
Yes. I've never been one for conspiracy theories but now I'm tempted to become a believer... ("That whole SMNP vulnerability thing was just a trick to get us to install fixed IOSes before the real story gets out.")
I assume he's talking about this vulnerability that was fixed in FreeBSD in 1998: http://ciac.llnl.gov/ciac/bulletins/j-008.shtml
I certainly hope our collective favorite vendors didn't overlook this one.
Maybe they have fixed it now? This would explain most of the frenzy.
I guess we have to wait a bit longer to find out.
Current thread:
- Re: TCP/BGP vulnerability - easier than you think, (continued)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Paul Jakma (Apr 21)
- RE: TCP/BGP vulnerability - easier than you think David Luyer (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Crist Clark (Apr 22)
- Re: TCP/BGP vulnerability - easier than you think John Kristoff (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think E.B. Dreger (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 22)
- Re: TCP/BGP vulnerability - easier than you think Paul Jakma (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think E.B. Dreger (Apr 21)
- Message not available
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 23)
- Message not available
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think Leo Bicknell (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think Petri Helenius (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think Todd Vierling (Apr 23)
- Re: TCP/BGP vulnerability - easier than you think Priscilla Oppenheimer (Apr 26)
- Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum (Apr 27)
- Re: TCP/BGP vulnerability - easier than you think Priscilla Oppenheimer (Apr 27)
- Re: TCP/BGP vulnerability - easier than you think Simon Leinen (Apr 28)
- Re: TCP/BGP vulnerability - easier than you think Todd Vierling (Apr 21)
- Re: TCP/BGP vulnerability - easier than you think Pete Kruckenberg (Apr 21)
- Vendor TCP oops-es (was Re: TCP/BGP vulnerability) Todd Vierling (Apr 21)