Re: tcp vulnerability? haven't seen anything on it here...

[jamal]

Clarification:
I think the latency of my earlier email introduced by probably netdev is
creating a lot of "hostile" responses to me ;-> I feel like i am in
hostile path here ;->
I sent that email a long time ago, seems like netdev or my ISP decided
to deliver it now and reordered the delivery. This has happened to me a 
few times before with netdev thats why i prefer to cc people whenever i
can (worst case they receive more than one message)
Consider that message obsolete. I know you can create this problem via
brute force as you explained in your later email (that showed up
yesterday).

cheers,
jamal

On Fri, 2004-04-23 at 10:15, alex@xxxxxxxxxxxx wrote:
> > And for something like a huge download to just regular joe, this is more
> > of a nuisance assuming some kiddie has access between you and the
> > server. OTOH, long lived BGP sessions are affected assuming you are
> > going across hostile path to your peer.
> Again - no hostile path necessary. Attack is brute-force and does not rely 
> on MITM.
> 
> > So whats all this ado about nothing? Local media made it appear we are
> > all about to die.
> Pretty much.
> > 
> > Is anyone working on some fix?
> In networking world, there was a craze of enabling TCP-MD5 for BGP
> sessions reacting to this attack. There is alternative solution, "TTL
> hack", relying that most BGP sessions are between directly-connected 
> routers, so if connection originator sets TTL to 255 and receiver verifies 
> that TTL on incoming packet is 255, you can be reasonably certain that the 
> packet was sent by someone directly connected to you. ;)
> 
> -alex
> 
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/