Re: Major TCP Vulnerability

To: greg@gregfolkert.net
Cc: Debian Security List <debian-security@lists.debian.org>
Subject: Re: Major TCP Vulnerability
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 23 Apr 2004 09:42:07 +0200
Message-id: <[🔎] 874qrbuomo.fsf@deneb.enyo.de>
References: <[🔎] 20040420182934.GE19650@rfa.org> <[🔎] 1082554013.7995.7.camel@king.gregfolkert.net>

Greg Folkert <greg@gregfolkert.net> writes:

> This Vulnerability is ancient news, and it is not really a
> Vulnerability.

It's one instance of a more general set of vulnerabilities which stem
from the lack of control plane separation.

> What happens if the route goes dead? Same effect.

Not quite.  ISPs hope that link failures are not correlated (to some
extend, they bet their business on it).  If you can bring down links
with deliberate attacks, there is a correlation, and the ISP typically
suffers far more than from random link failures.

> Overloading a router with too many MAC addresses(overflow) has a similar
> effect,

But this doesn't happen on a properly configured core router.  It's an
issue closer to the edge, not in the core.

> I don't quite understand this. Poisoning BGP would be more effective.

It's not that easy. 8-)  It's being done, mostly to cover up all kinds
of net abuse, but not an extremely large scale.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, postino.it, tiscali.co.uk,
tiscali.cz, tiscali.it, voila.fr.

Reply to:

References:
- Major TCP Vulnerability
  - From: Eric Dantan Rzewnicki <rzewnickie@rfa.org>
- Re: Major TCP Vulnerability
  - From: Greg Folkert <greg@gregfolkert.net>

Prev by Date: Re: Squid proxy help
Next by Date: Re: Squid proxy help
Previous by thread: Re: Major TCP Vulnerability
Next by thread: Re: Major TCP Vulnerability
Index(es):
- Date
- Thread