North American Network Operators Group


Re: TCP/BGP vulnerability - easier than you think

  • From: Daniel Roesen
  • Date: Wed Apr 21 07:22:26 2004

On Wed, Apr 21, 2004 at 01:00:07PM +0200, Iljitsch van Beijnum wrote:
> > All things considered, I think MD5 authentication will lower the bar
> > for attackers, not raise it.  I'm sure code optimizations could fix
> > things to some degree, but that's just not the case today.
> 
> > Which begs the question, what is one to do,
> 
> How about:
> 
> access-list 123 deny   tcp any any eq bgp rst log-input
> access-list 123 deny   tcp any eq bgp any rst log-input
> 
> Unfortunately, not all vendors are able to look at the RST bit when 
> filtering...

The general ignorance of the fact that SYN works as well is
astonishing. :-)
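
The reply's point, as an added example that is not part of the original thread: a Python model of the two quoted access-list entries, run over constructed TCP headers, showing that segments with RST set on the BGP port are denied while SYN segments match neither entry. The names `ACL_123`, `review` and `make_header` are hypothetical, and the model assumes that later entries in the list permit whatever the two quoted entries do not deny.

```python
import struct

BGP_PORT = 179
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

# Model of the two quoted entries as (source port, destination port, flag);
# None stands for "any".
ACL_123 = [
    (None, BGP_PORT, "RST"),  # deny tcp any any eq bgp rst
    (BGP_PORT, None, "RST"),  # deny tcp any eq bgp any rst
]

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, set of flag names) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return src, dst, {n for n, bit in FLAG_BITS.items() if off_flags & bit}

def acl_denies(header: bytes, acl=ACL_123) -> bool:
    """True if one of the modelled deny entries matches the segment."""
    src, dst, flags = parse_tcp(header)
    return any(a_src in (None, src) and a_dst in (None, dst) and flag in flags
               for a_src, a_dst, flag in acl)

def review(header: bytes) -> str:
    """Classify a segment as 'not-bgp', 'denied', 'passed-syn' or 'passed'."""
    src, dst, flags = parse_tcp(header)
    if BGP_PORT not in (src, dst):
        return "not-bgp"
    if acl_denies(header):
        return "denied"
    # Assumption: entries after the quoted two permit the remaining traffic.
    return "passed-syn" if "SYN" in flags else "passed"

def make_header(src, dst, flags):
    """Build a constructed 20-byte TCP header (sample data, never sent)."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", src, dst, 0, 0, (5 << 12) | bits, 16384, 0, 0)

if __name__ == "__main__":
    # Constructed samples; 40000 is an arbitrary ephemeral port.
    for flags in (["RST"], ["RST", "ACK"], ["SYN"], ["ACK"]):
        print(flags, review(make_header(40000, BGP_PORT, flags)))
```

A legitimate session-opening SYN lands in the same `passed-syn` class, so a flag match alone cannot separate the two cases.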