Board: FB_security
Title: Re: TCP RST attack
Posted from: NCTU CSIE FreeBSD Server (Tue Apr 20 21:06:06 2004)
Relayed via: ptt!FreeBSD.csie.NCTU!not-for-mail
On Apr 20, 2004, at 4:43 PM, Dragos Ruiu wrote:
> On April 20, 2004 01:28 pm, Charles Swiger wrote:
>> My take on this is pretty close to yours: this isn't a new
>> vulnerability and it's difficult to perform this type of attack under
>> most circumstances without being able to sniff the traffic going by.
>> (Basically, sending a RST is a simple form of data injection via the
>> classic man-in-the-middle attack. ACKs and RSTs count as data, too.
>
> Definitely not a new vulnerability. Just a newer analysis with more
> factors accounted for.
Agreed. For those who don't get them, CERT just released an advisory
(TA04-111A) about this issue which contains some more specific
information:
"According to Paul Watson's report, with a typical xDSL data connection
(80 Kbps, upstream) capable of sending of 250 packets per second (pps)
to a session with a TCP Window size of 65,535 bytes, it would be
possible to inject a TCP packet approximately every 5 minutes. It
would take approximately 15 seconds with a T-1 (1.544 Mbps)
connection."
[ ...thought about reducing TCP window size... ]
> But I'm told most providers crank UP their window sizes to improve BGP
> restarts... So reducing the windows may negatively affect other things.
> (Need to be careful that the cure isn't worse than the disease.)
Oh, sure. My suggestion was not specifically oriented towards BGP,
since that already has mechanisms available to protect it (TCP MD5
checksums) and for the reasons that Matt Dillon mentioned-- it's easy
to firewall off port 179, or have your BGP peers talking out-of-band
via an appropriate network topology.
--
-Chuck
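
The arithmetic behind the figures quoted from TA04-111A, as an added example that is not part of the original post or the advisory. It assumes 40-byte packets (bare IPv4 + TCP headers, no link-layer overhead), which is what 80 Kbps at 250 pps implies, and a receiver that accepts any segment whose sequence number falls inside its window; the function names and the window sizes other than 65,535 are illustrative.

```python
"""Worst-case time for blind in-window segments to sweep the TCP sequence space."""

SEQ_SPACE = 2 ** 32       # TCP sequence numbers are 32 bits wide
MIN_PACKET_BYTES = 40     # assumption: 20-byte IPv4 header + 20-byte TCP header


def pps_from_link(bits_per_second, packet_bytes=MIN_PACKET_BYTES):
    """Packets per second a link can carry at the given packet size."""
    return bits_per_second / (8 * packet_bytes)


def guesses_to_cover(window_bytes):
    """Segments needed so that one is guaranteed to land inside the window.

    Stepping the guessed sequence number by one window per packet covers the
    whole space in ceil(2^32 / window) packets (worst case; the mean is half).
    """
    if not 1 <= window_bytes <= SEQ_SPACE:
        raise ValueError("window must be between 1 and 2^32 bytes")
    return -(-SEQ_SPACE // window_bytes)   # integer ceiling division


def seconds_to_cover(window_bytes, pps):
    """Worst-case sweep time for a known address/port 4-tuple."""
    if pps <= 0:
        raise ValueError("pps must be positive")
    return guesses_to_cover(window_bytes) / pps


def exposure_table(windows, links):
    """Rows of (window, {link name: worst-case seconds}) for each window size."""
    return [
        (w, {name: seconds_to_cover(w, pps_from_link(bps))
             for name, bps in links.items()})
        for w in windows
    ]


if __name__ == "__main__":
    # Link speeds are the two named in the advisory quote.
    links = {"xDSL 80 Kbps": 80_000, "T-1 1.544 Mbps": 1_544_000}
    # 65535 is the advisory's window; the others are constructed comparisons
    # (262144 stands in for a window enlarged with window scaling).
    for window, times in exposure_table([8192, 16384, 65535, 262144], links):
        cells = ", ".join(f"{n}: {t:8.1f} s" for n, t in times.items())
        print(f"window {window:>6} bytes -> {cells}")
```

The sweep time is inversely proportional to the window, which is the trade-off discussed in the thread: a smaller window lengthens the sweep, while an enlarged one shortens it.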