nanog mailing list archives
Re: TCP-ACK vulnerability (was RE: SSH on the router)
From: Sean Donelan <sean () donelan com>
Date: Thu, 10 Jun 2004 07:19:44 -0400 (EDT)
On Wed, 9 Jun 2004, Alexei Roudnev wrote:
This is minor exploit - usually you set up VLAN1 interface with IP addres, which is filterd out from outside. Moreover, there is not any good way to find switch IP - it is transparent for user's devices.
Yeah, port scanners are so rare on the Internet they'll never find your IP address. Its not as if the switches have an easy to detect banner signature, and everyone uses out-of-band management for all their network equipment.
Current thread:
- RE: SSH on the router - was( IT security people sleep well) McBurnett, Jim (Jun 07)
- TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 09)
- Re: UDP-TCP-ACK-SYN Attacks Pete (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) James (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Alexei Roudnev (Jun 10)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 11)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Stephen J. Wilcox (Jun 09)
- TCP-ACK vulnerability (was RE: SSH on the router) Sean Donelan (Jun 09)
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 10)
- Message not available
- Re: TCP-ACK vulnerability (was RE: SSH on the router) Christopher L. Morrow (Jun 10)