North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: TCP/BGP vulnerability - easier than you think
On 23-apr-04, at 12:03, Florian Weimer wrote: BTW, anyone seen anything supporting Paul Watson's claim that all it takes to break a session is four packets? In several news stories, such as http://www.wired.com/news/technology/0,1282,63143,00.html? tw=wn_tophead_2Where does he claim that? I've browsed his paper and the packet numbers he gives are higher. Do you have a link? I haven't been able to find it so far. Yes. I've never been one for conspiracy theories but now I'm tempted to become a believer... ("That whole SMNP vulnerability thing was just a trick to get us to install fixed IOSes before the real story gets out.")Either this issue has been wildly exaggerated, or Paul Watson's paper is not the whole story. I assume he's talking about this vulnerability that was fixed in FreeBSD in 1998: http://ciac.llnl.gov/ciac/bulletins/j-008.shtml I certainly hope our collective favorite vendors didn't overlook this one. Maybe they have fixed it now? This would explain most of the frenzy. I guess we have to wait a bit longer to find out.
|