tcp exploit

Contributed by sean on 2004-04-20 from the theoretical until proven otherwise dept.

ronaldraymond writes:
guess this issue had some base in reality after all.

Apparently the base tcp implimentation has some problems.

It's even on slashdot so it must be true...

(Comments are closed)

Comments

By Steve (213.118.75.98) on 2004-04-20 22:27

As Theo stated on misc@, Cisco has got a HUGE problem: http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800ad25b.html
By grey (24.81.12.234) on 2004-04-21 02:25

Also check: http://www.uniras.gov.uk/vuls/2004/236929/index.htm
That link notes the source of the discovery and notes that a presentation will be given at CanSecWest which we've mentioned on undeadly in the past (starts tomorrow if you're in Vancouver).
Comments
1. By j0rd (64.114.241.77) mits_rox@hatmail.com on 2004-04-22 15:52 http://j0rd.ath.cx
  
  and got 2000$
By mike (217.162.14.216) on 2004-04-21 11:56

well, having read through the thread on misc@ and the uk advisory, and not being an expert on anything, it's not as bad as it sounds for your obsd boxen, but pretty worrying for the rest of the net... basically, obsd already has some mechanisms that limit the risks (ie. randomization in port attributions, better sequence number generation etc.) the advisory specifically mentions BGP as the prime target, but even obsd's upcoming BGP implementation seems to contain mitigating factors with more to come post-release. this has to be seen in the context that even if you're running a secure all-obsd (or whatever) network locally or even across networks, somewhere upstream you're pretty sure to find vulnerable Cisco or other routing equipment. which pretty much leaves us all with the potential for very "secure" (read UNCONNECTED) networks ;) however, this is hardly surprising or new, as I for one have been seeing articles detailing/promising problems in Cisco BGP for quite some time now. perhaps it's also a good time to lobby management for replacing overpriced proprietary routing equipment with a nice Soekris or Via C3 running your favourite OS...
Comments
1. By Anonymous Coward (68.18.33.231) on 2004-04-21 14:28
  
  prehaps this will help move the industry towards the version of tcp?
By Honz (216.123.227.110) on 2004-04-21 17:57

I think this is all part of Theo's master plan; Perfectly coinsiding with the release of OpenBSD 3.5. Aaah, the beauty of it all.

Latest Articles

Tue, May 19
- 13:27 OpenBSD 7.9 Released (1)
Sat, May 16
- 06:46 Migrating mail servers from exim to OpenSMTPD (smtpd) is fun and useful (0)
Wed, May 13
- 06:49 Automatic expiry at timeout for pf(4) overload tables (0)
Tue, May 12
- 11:52 Let's find out how to get predictable IPv6 addresses assigned to OpenBSD VMs (0)
- 05:26 Game of Trees 0.125 released (0)
Mon, May 11
- 20:20 Recent downtime (2)
Mon, Apr 20
- 08:58 LibreSSL 4.3.1 released (0)
- 05:32 OpenBSD -current is now "7.9-current" (0)
Wed, Apr 15
- 11:56 rpki-client 9.8 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]