Updated: 11/24/2005; 11:31:47 PM.

General networking
Data network connectivity developments, networking business news, and related computing items.

daily link  Tuesday, April 20, 2004

TCP Vulnerable:  "The vulnerability stems from the fact that TCP sessions can be reset -- in other words, shut down, if only temporarily -- by sending maliciously-crafted RST (reset) or Syn (synchronization) packets to either end of the session's connection. Although this is an intended feature of TCP -- as in the infamous phrase, not a bug -- an attacker who spoofs the source IP addresses on the packets can terminate the session, resulting in a denial of service.

Although a denial of service attack using TCP packets has long been known as a weakness of the protocol, experts believed that a successful attack wasn't practical, since the attacker would have to guess the an identifying sequence number in the next packet; the odds of that are about one in 4.3 billion.  But researcher Paul Watson, who runs the pro-hacking blog on terrorist.net, has discovered that the “probability of guessing an acceptable sequence number is much higher because the receiving TCP implementation will accept any sequence number in a certain range. [That] makes TCP reset attacks practicable,” said the NISCC in its advisory..

Ultimately, router vendors will have to issue patches. Not all had done so by late Tuesday afternoon, although leading router makers Cisco and Juniper Networks had posted advisories, and provided either patches or software to mitigate the risks of an exploit.  But even those companies and organizations relying on routers for which patches are available shouldn't be completely comfortable, said Rouland. “These are pretty significant changes to the IP set, and they're non-trivial patches that will require a lot of testing,” he said.

Other tactics that enterprises could employ until patches were available and deployed, said Oliver Friedrichs, the senior manager of Symantec's security response team, include implementing their routers' MD5 Signature Option, another level of authentication that should stymie attackers.  “MD5 adds a hash to each request for BGP,” said Friedrichs, “so the attacker would have to try to calculate the hash as well. That should make it much more difficult to inject a packet into the TCP session at the router.” "

  5:42:07 PM  permalink  

April 2004
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  
Mar   May
Subscribe to "General networking" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.
Click here to visit the Radio UserLand website.


Copyright 2005 © Ken Novak.
Last update: 11/24/2005; 11:31:47 PM.