List: quagga-users
Subject: [quagga-users 1827] Re: TCP MD5 for BGP and Linux
From: Dan Hollis <spamtrap171551 () anime ! net>
Date: 2004-04-23 19:12:56
Message-ID: Pine.LNX.4.44.0404231211430.27507-100000 () sasami ! anime ! net
On Fri, 23 Apr 2004, Mike Tancsa wrote:
> At 12:48 PM 23/04/2004, Michael Richardson wrote:
> > But, as was discussed yesterday at CanSecWest, you don't need to be
> > very close to get the RSTs sent. You don't have to send them, you can
> > get the attacker's peer to send them for you if you send it TCP SYNs!
> I think the idea is that both sides (in the case of non multi-hop) are
> configured to ignore anything with a TTL not that of 255. i.e. the IP
> packet that the TCP SYN or RST comes in must have a TTL of 255, otherwise
> ignore it.
The case for GTSM grows stronger since I have been informed that at least
2 completely different attacks exist which bypass MD5 entirely.
-Dan
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
http://lists.quagga.net/mailman/listinfo/quagga-users
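
The TTL check discussed in this thread (GTSM between directly connected peers), as an added example that is not part of the original messages or of Quagga's code. The function names, the constructed 20-byte headers and the simulated router hop are assumptions for illustration; the point shown is that a packet originated beyond the directly connected link cannot arrive with TTL 255, because every router on the path decrements it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GTSM_TTL 255   /* directly connected peers both send and require 255 */
#define PROTO_TCP 6

/* Constructed sample: minimal 20-byte IPv4 header (checksum left at zero). */
static void make_ipv4(uint8_t h[20], uint8_t ttl, uint8_t proto) {
    memset(h, 0, 20);
    h[0] = 0x45;   /* version 4, IHL 5 words = 20 bytes */
    h[3] = 20;     /* total length */
    h[8] = ttl;
    h[9] = proto;
}

/* What every router on the path does: drop an expiring packet, else TTL-1. */
static int route_hop(uint8_t *h) {
    if (h[8] <= 1) return 0;
    h[8]--;
    return 1;
}

/* Receive-side check for the BGP TCP session: 1 = hand to TCP, 0 = discard. */
int gtsm_accept(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;      /* truncated / not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return 0;               /* malformed header */
    if (pkt[9] != PROTO_TCP) return 0;                 /* not a TCP segment */
    return pkt[8] == GTSM_TTL;                         /* SYN, RST, data alike */
}

/* A sender `routers` hops away emits a packet with `initial_ttl`. */
int arrives_accepted(uint8_t initial_ttl, int routers) {
    uint8_t h[20];
    make_ipv4(h, initial_ttl, PROTO_TCP);
    for (int i = 0; i < routers; i++)
        if (!route_hop(h)) return 0;
    return gtsm_accept(h, sizeof h);
}

int main(void) {
    printf("adjacent peer, TTL 255:   %d\n", arrives_accepted(255, 0));
    printf("3 routers away, TTL 255:  %d\n", arrives_accepted(255, 3));
    printf("adjacent, default TTL 64: %d\n", arrives_accepted(64, 0));
    return 0;
}
```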