Updated: 5/16/2006; 11:39:50 AM.

Ken Novak's Weblog
Purpose of this blog: to retain annotated bookmarks for my future reference, and to offer others my filter technology and other news. Note that this blog is categorized. Use the category links to find items that match your interests.
Subscribe to get this blog by e-mail.
New: Read what I'm reading on Bloglines.

daily link  Tuesday, April 20, 2004

TCP Vulnerable:  "The vulnerability stems from the fact that TCP sessions can be reset -- in other words, shut down, if only temporarily -- by sending maliciously-crafted RST (reset) or Syn (synchronization) packets to either end of the session's connection. Although this is an intended feature of TCP -- as in the infamous phrase, not a bug -- an attacker who spoofs the source IP addresses on the packets can terminate the session, resulting in a denial of service.

Although a denial of service attack using TCP packets has long been known as a weakness of the protocol, experts believed that a successful attack wasn't practical, since the attacker would have to guess the an identifying sequence number in the next packet; the odds of that are about one in 4.3 billion.  But researcher Paul Watson, who runs the pro-hacking blog on terrorist.net, has discovered that the “probability of guessing an acceptable sequence number is much higher because the receiving TCP implementation will accept any sequence number in a certain range. [That] makes TCP reset attacks practicable,” said the NISCC in its advisory..

Ultimately, router vendors will have to issue patches. Not all had done so by late Tuesday afternoon, although leading router makers Cisco and Juniper Networks had posted advisories, and provided either patches or software to mitigate the risks of an exploit.  But even those companies and organizations relying on routers for which patches are available shouldn't be completely comfortable, said Rouland. “These are pretty significant changes to the IP set, and they're non-trivial patches that will require a lot of testing,” he said.

Other tactics that enterprises could employ until patches were available and deployed, said Oliver Friedrichs, the senior manager of Symantec's security response team, include implementing their routers' MD5 Signature Option, another level of authentication that should stymie attackers.  “MD5 adds a hash to each request for BGP,” said Friedrichs, “so the attacker would have to try to calculate the hash as well. That should make it much more difficult to inject a packet into the TCP session at the router.” "

  5:42:07 PM  permalink  

What Is Zope? A revised intro to Zope, a (mostly) Python web service platform that includes content management and other facilities.  Interesting directory of Zope Products, including the SQL2Form Automatic Form Generator.  10:16:10 AM  permalink  

OpenOffice: Interesting endorsement, with info on how it was built, and how it interoperates with everything XML.  10:13:50 AM  permalink  

Describe RSS in 10 words or less:  My favorites: 

  • The Fastest Way To Waste An Enormous Amount Of Time
  • Freebasing for Web junkies.
  • Makes life easier, but not really.
  • Remember Pointcast? Kinda like that, only actually useful.
  • News sent to your computer. No spam. No browsing.
  10:02:17 AM  permalink  

Cracks appear in Bush circle: "This month Bush approved a five-year plan to train up to 75,000 peacekeeping forces — largely staffed by other countries' soldiers — for use in hot spots around the world.   That would have been anathema a few years ago.  But U.S. forces are now too overstretched for the job, one administration official told the Washington Post, noting that the new peacekeeping reserve force "could be used by the United Nations."   Just the sort of thing, in fact, that Powell might have argued. "  12:12:26 AM  permalink  


April 2004
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  
Mar   May

Links to related pages:
Subscribe to "Ken Novak's Weblog" in Radio UserLand.

Click to see the XML version of this web page.
Click here to send an email to the editor of this weblog. E-mail me
Click here to visit the Radio UserLand website.


Copyright 2006 © Ken Novak.
Last update: 5/16/2006; 11:39:50 AM.