OpenBSD Journal

tcp exploit

Contributed by sean on from the theoretical until proven otherwise dept.

ronaldraymond writes:
guess this issue had some base in reality after all.

Apparently the base tcp implementation has some problems.

It's even on slashdot so it must be true...


    1. By j0rd ( on

      and got 2000$

  2. By mike ( on

    well, having read through the thread on misc@ and the uk advisory, and not being an expert on anything, it's not as bad as it sounds for your obsd boxen, but pretty worrying for the rest of the net... basically, obsd already has some mechanisms that limit the risks (ie. randomization in port attributions, better sequence number generation etc.) the advisory specifically mentions BGP as the prime target, but even obsd's upcoming BGP implementation seems to contain mitigating factors with more to come post-release. this has to be seen in the context that even if you're running a secure all-obsd (or whatever) network locally or even across networks, somewhere upstream you're pretty sure to find vulnerable Cisco or other routing equipment. which pretty much leaves us all with the potential for very "secure" (read UNCONNECTED) networks ;) however, this is hardly surprising or new, as I for one have been seeing articles detailing/promising problems in Cisco BGP for quite some time now. perhaps it's also a good time to lobby management for replacing overpriced proprietary routing equipment with a nice Soekris or Via C3 running your favourite OS...

    1. By Anonymous Coward ( on

      perhaps this will help move the industry towards the version of tcp?

  3. By Honz ( on

    I think this is all part of Theo's master plan; perfectly coinciding with the release of OpenBSD 3.5. Aaah, the beauty of it all.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]