Re: TCP-RST Vulnerability - Doubt

From: Daniel Roesen
Date: Mon Jun 28 2004 - 21:36:30 EST


On Mon, Jun 28, 2004 at 01:22:37PM +0000, Miquel van Smoorenburg wrote:
> MD5 protection on BGP sessions isn't very common yet. MD5 uses CPU,
> and routers don't usually have much of that. Which means that now an
> MD5 CPU attack is possible instead of a TCP RST attack.

Not if the MD5 option is properly implemented - i.e. MD5 hash checking
is done AFTER the packet is considered valid in terms of "fitting"
sequence number.

> The "TTL hack" solution is safer. Make sure sender uses a TTL
> of 255, on the receiver discard all packets with a TTL < 255.

It's a hack, not a solution. A solution works always, not just in
some special cases (and given Cisco's implementation, even there
is a window which is "too wide open").

As this thread is fairly off-topic on lkml, I suggest moving it to
somewhere else... But then again, in the appropriate places, these
discussions have already taken place. :-)


Regards,
Daniel
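The check ordering argued for in the reply above, as an added example that is not part of the original message and not taken from any router or kernel implementation: a receiver that runs the cheap sequence-window test before the MD5 test spends a digest only on segments that already fit the window. The key, receiver state, segments and the reduced digest input (sequence number, flags, payload, key instead of the full RFC 2385 input) are constructed for illustration.

```python
import hashlib
import hmac
import struct
from collections import namedtuple

Segment = namedtuple("Segment", "seq flags payload digest")
KEY = b"constructed-shared-secret"        # constructed sample key
RCV_NXT, RCV_WND = 2_147_483_500, 65_535  # constructed receiver state


def tcp_md5(key, seq, flags, payload):
    # Simplified stand-in for the RFC 2385 digest input
    # (pseudo-header + TCP header + data + key); real MD5, reduced fields.
    return hashlib.md5(struct.pack("!IB", seq, flags) + payload + key).digest()


class Receiver:
    def __init__(self, seq_first):
        self.seq_first = seq_first
        self.md5_calls = 0

    def seq_ok(self, seg):
        # Cheap: modular compare against the receive window.
        return (seg.seq - RCV_NXT) % 2**32 < RCV_WND

    def md5_ok(self, seg):
        # Expensive: one MD5 computation per call.
        self.md5_calls += 1
        expected = tcp_md5(KEY, seg.seq, seg.flags, seg.payload)
        return hmac.compare_digest(expected, seg.digest)

    def accept(self, seg):
        checks = [self.seq_ok, self.md5_ok]
        if not self.seq_first:
            checks.reverse()
        return all(check(seg) for check in checks)  # stops at first failure


def run(seq_first):
    # Constructed input: 1000 unsigned RSTs spread over the sequence space
    # (exactly one lands in the window) plus one correctly signed segment.
    segs = [Segment(i * 4_294_967, 0x04, b"", bytes(16)) for i in range(1000)]
    segs.append(Segment(RCV_NXT, 0x18, b"update",
                        tcp_md5(KEY, RCV_NXT, 0x18, b"update")))
    rx = Receiver(seq_first)
    accepted = sum(rx.accept(s) for s in segs)
    return accepted, rx.md5_calls


if __name__ == "__main__":
    print("seq check first:", run(True))
    print("md5 check first:", run(False))
```

Both orderings accept only the signed segment; the difference is the number of digests computed for the same input.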