[Dshield] Vulnerability Issues in TCP

Rick Klinge rick at jaray.net
Thu Apr 22 15:50:30 GMT 2004


> list-bounces at lists.dshield.org 
> <mailto:list-bounces at lists.dshield.org> wrote on Thursday, 
> April 22, 2004 1:44 PM UTC+3 on behalf of Pete Cap
> 
> | 
> | Someone please correct me if I'm wrong, but,
> | notwithstanding the AP news stories about this "vulnerability," is 
> | this not a problem with the IMPLEMENTATION of TCP rather than a 
> | problem with the underlying protocol itself?
> | 
> 
> 
> Pete et al.
> 
> IMHO, the vulnerability is in TCP.
> 
>    - Multiple systems affected by vulnerability in TCP -
> 
> US-CERT/CC has published, at 
> http://www.us-cert.gov/cas/techalerts/TA04-111A.html, an 
> advisory about a vulnerability in TCP that could allow a 
> malicious user to carry out denial of service attacks.
> 
> This is a serious problem, as multiple implementations of the 
> BGP (Border Gateway Protocol) rely on TCP to maintain 
> permanent unauthenticated network sessions. Therefore, the 
> vulnerability detected could allow remote attackers to 
> terminate network sessions.
> 
> Although BGP (designed to exchange information between 
> routers and other devices) has been identified as vulnerable, 
> the problem could affect any other protocol or service that 
> rely on persistent TCP connections.
> 
> Some manufacturers, such as Cisco (*), have already published 
> advisories about the impact of this vulnerability on their systems.
> 
> As a workaround, users are recommended to implement and use 
> cryptographically secure protocols. Similarly, users are 
> advised to keep informed about the updates published by the 
> manufacturers of affected products.
> 
> (*) The advisories published by Cisco are available at: 
> http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-non
ios.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml



-   US-CERT/CC   -

Vulnerabilities in TCP

Systems Affected

    * Systems that rely on persistent TCP connections, for example routers
supporting BGP

Overview

Most implementations of the Border Gateway Protocol (BGP) rely on the
Transmission Control Protocol
(TCP) to maintain persistent unauthenticated network sessions. There is
vulnerability in TCP, which allows remote attackers to terminate network
sessions. Sustained exploitation of this vulnerability could lead to a
denial of service condition; in the case of BGP systems, portions of the
Internet community may be affected. Routing operations would recover quickly
after such attacks ended.

http://www.us-cert.gov/cas/techalerts/TA04-111A.html


HTH,
- Pete

Pete,

Our upstream provider has quit using BGP over 2 years ago and we have never
used it.  Does this still mean that "ANY Persistent TCP" connection could be
disrupted??

TNX,

~Rick

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list