
RE: Major TCP Vulnerability



Stupid Question, I don't understand how IPSec is secure. Can't you just
kill the IPSec connection, or is IPSec connectionless? As I understand
it you have [TCP HEADER | TCP DATA ] in a TCP Packet. With IPSec you
have [ TCP Header | encrypted([TCP HEADER | TCP DATA]) ] that you could
still kill.

Steve 
-----Original Message-----
From: Florian Weimer [mailto:fw@deneb.enyo.de] 
Sent: April 20, 2004 2:46 PM
To: debian-security@lists.debian.org
Subject: Re: Major TCP Vulnerability


Phillip Hofmeister <plhofmei@zionlth.org> writes:

> This article isn't anything I am going to lose sleep over.  Any
> mission critical long term TCP connections over an untrusted network
> (The Internet) should already be using IPSec.

Core routers usually don't have the CPU power to run IPsec (yes, it
sounds ridiculous, but it's mostly that way).

However, I agree that this won't have much impact on the network as a
whole. The emergency reconfiguration that took place during the past
weeks (and which is being touted by the media as a prudent
countermeasure) caused more large-scale destabilization than future
attacks. 8-(

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, postino.it, tiscali.co.uk,
tiscali.cz, tiscali.it, voila.fr.

