North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: TCP/BGP vulnerability - easier than you think
I point out NetBSD released this: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc Of interest is this paragraph: ] Additionally, the 4.4BSD stack from which NetBSD's stack is derived, did ] not even check that a RST's sequence number was inside the window. RSTs ] anywhere to the left of the window were treated as valid. It's a good thing the 4.4BSD stack was unpopular, otherwise it might be in a lot of programs. -- Leo Bicknell - [email protected] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [email protected], www.tmbg.org Attachment:
pgp00017.pgp
|