[Dshield] Vulnerability Issues in TCP

Pete Cap peteoutside at yahoo.com
Thu Apr 22 20:49:53 GMT 2004


George, Rick, other Peter,

Ok, maybe I need to clarify.  My confusion on this
issue is not due to the fact that I don't understand
TCP/IP (I do) nor that I haven't read any of the
technical advisories (I have read all info concerning
this).

My issue here is that specific products are vulnerable
due to the way they were designed (e.g. WinNT's
easy-to-guess ISNs).  Then it hits the popular press
and a failure on the part of those vendors somehow
becomes a deficiency in TCP...?

Yes, I know the advisory states that this is a
"vulnerability in TCP."  Yeah, in the same way that
people are vulnerable to bullets.  When I began
learning about hacks one of the first things we
learned was that the TCP session was vulnerable to
this kind of thing...so why the alarm all of a sudden?

Maybe I'm just paranoid, I dunno, it just seems fishy,
is all.


	
		
__________________________________
Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for 25¢
http://photos.yahoo.com/ph/print_splash



More information about the list mailing list