[Intrusions] rsvp traffic question

Sat Jan 8 16:38:03 GMT 2005

Hi everyone,

Anyone seeing activity aimed at rsvp? No packets available here.

Thanks,

Pat

Date:                                     7Jan2005
Time:                                    16:12:37
Interface:                               eth1c0
Type:                                     Log
Action:                                   Accept
DPort:                                   smtp (25)
Source:                                 xxx.xxx.xxx.xxx
Destination:                          Mail_External
Protocol:                                tcp
Source Port:                         45580

Date:            7Jan2005
Time:            16:12:37
Interface:      eth1c0
Type:            Log
Action:          Drop
Source:         xxx.xxx.xxx.xxx
Destination: Mail_External
Protocol:       rsvp

xxxxxxxxxxxxxxxx

"The Quality of Service RSVP service starts on a computer that is running 
Windows 2000 Server even if you are not using Quality of Service"
Article ID : 840463
Last Review : January 3, 2005
Revision : 3.0

http://support.microsoft.com/?kbid=840463

xxxxxxxxxxxxxxxxxxx

http://www.securityfocus.com/archive/1/332601/2003-08-10/2003-08-16/2

Introduction
------------

The resource reservation protocol (RSVP) is used within the Subnet
Bandwidth Management protocol (RFC 2814) and is vulnerable to allowing a
rogue host hijack control of a server via the use of priority assignemnt.
By specifying a higher priority than the current RSVP server would allow
the current server to be pre-empted and a rogue one take its place. 