
Re: Major TCP Vulnerability



On Tue, 20 Apr 2004 at 02:49:48PM -0400, Thomas Sjögren wrote:
> Since the article is for subscribers only, this is a "wild" guess:
> http://www.uniras.gov.uk/vuls/2004/236929/index.htm

This article isn't anything I am going to lose sleep over.  Any mission
critical long term TCP connections over an untrusted network (The
Internet) should already be using IPSec.

As for non-mission critical connections, the two parties will just
reconnect at a later time.

Also, unless the attackers know the source port of the client side of
the TCP connection, this attack is useless.  The only way for them to
get the client/source port would be to:

A) Have access to the datastream (if this is the case, you have more to
worry about than them resetting your connection).

B) Have login access to either machine and then run netstat (or a
similar utility), which will tell them the information.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import

----- End forwarded message -----
