RE: [leaf-user] TCP DOS Vulnerability - Relevent to LEAF?
> Any way you could expand on this, Peter? (Or anyone else?)

Here is the thread on Quagga: http://lists.quagga.net/pipermail/quagga-users/2004-April/001748.html

P

---
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] TCP DOS Vulnerability - Relevent to LEAF?
In the news, there's mention of a TCP vulnerability that may impact LEAF. Apologies if this is not relevant to us.

This vulnerability is 3 years old. Linux was patched even then, so LEAF is ok :).

details: http://www.us-cert.gov/cas/techalerts/TA04-111A.html

I checked with Zebra/Quagga folks about BGP; they said it is O/S dependent. So LEAF and even Bering's bgpd.lrp are ok :)

Cheers,
P
RE: [leaf-user] TCP DOS Vulnerability - Relevent to LEAF?
At 04:07 PM 4/21/2004 -0700, Peter Mueller wrote:

> In the news, there's mention of a TCP vulnerability that may impact LEAF. Apologies if this is not relevant to us.
>
> This vulnerability is 3 years old. Linux was patched even then, so LEAF is ok :).

Any way you could expand on this, Peter? (Or anyone else?)

As I read the more technical summaries, the underlying vulnerability itself is extremely old but hard to exploit in practice. What's (relatively) new is that the interaction of the vulnerability itself with the relatively recent ability to set the TCP window (the receive buffer) to be as large as a gigabyte makes systems that actually use very large TCP windows vulnerable in practical terms. (That's why the focus is on BGP; apparently many high-capacity routers running BGP use very large receive buffers.)

Older fixes -- the most common one is using a good randomizer to pick the starting Sequence Identifier and randomizing source-port selection -- do not address the new vulnerability. Keeping the receive buffer smaller does reduce the risk, by a lot.

So ... does Linux restrict the TCP window to a relatively safe size? (Most likely it does; even 64 KB, the old maximum, is quite safe.) Does it actually refuse to accept RST instructions unless the accompanying Sequence Identifier is the *exact* value expected? (I'm not even sure if this is in-spec for a TCP stack.) Does it do something else?

Or am I misunderstanding all of this stuff in some fundamental way?
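The window-size and exact-match questions raised in the message above, as an added worked model that is not part of the original thread or of any TCP stack's code. The in-window test follows RFC 793; the strict mode follows RFC 5961 (only an exact match resets, other in-window values get a challenge ACK), which the thread does not mention. Function names, the port counts and the sample values are constructed for illustration.

```python
"""Model of receiver-side RST validation and the sequence search space it leaves."""
SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 test for a zero-length segment:
    RCV.NXT <= SEQ < RCV.NXT + RCV.WND, computed modulo 2**32."""
    if rcv_wnd == 0:
        return seq == rcv_nxt
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_action(seq, rcv_nxt, rcv_wnd, strict):
    """Receiver's decision for an incoming RST: 'reset', 'challenge_ack' or 'drop'."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if strict and seq != rcv_nxt:
        return "challenge_ack"  # RFC 5961: let the genuine peer confirm or deny
    return "reset"


def search_space(rcv_wnd, strict=False, candidate_ports=1):
    """Worst-case count of distinct (port, sequence) values a receiver sees
    before one forged RST is accepted, assuming evenly spaced sequence values."""
    if strict or rcv_wnd == 0:
        per_port = SEQ_SPACE
    else:
        per_port = -(-SEQ_SPACE // rcv_wnd)  # ceiling division
    return per_port * candidate_ports


if __name__ == "__main__":
    # Constructed sample values: the window sizes are the two named in the
    # message; the candidate port counts are assumptions for illustration.
    for label, wnd in (("64 KB", 64 * 1024), ("1 GB", 2 ** 30)):
        for ports in (1, 16384):
            print(f"{label:>6} window, {ports:>5} candidate ports: "
                  f"in-window rule {search_space(wnd, False, ports):>13,}  "
                  f"exact-match rule {search_space(wnd, True, ports):>18,}")
```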
Re: [leaf-user] TCP DOS Vulnerability - Relevent to LEAF?
Peter Mueller wrote:

> In the news, there's mention of a TCP vulnerability that may impact LEAF. Apologies if this is not relevant to us.
>
> This vulnerability is 3 years old. Linux was patched even then, so LEAF is ok :).

Hmmm. The date on the us-cert.org notice is for Apr 21/2004. I think that what may be new is that it was originally thought to require a seq num match that was previously considered improbable to guess, but is now considered to be 'easy' to guess. Page: http://www.kb.cert.org/vuls/id/415294 has some more details.

Anyway the folks at Cisco have, as of Apr 20/2004, identified _all_ of their products as vulnerable. I can't say for sure but I would be surprised to see Cisco using software that contained a vulnerability that was identified and corrected (in other products/OS'es) 3 years ago. Perhaps you're thinking of a different vulnerability?

> details: http://www.us-cert.gov/cas/techalerts/TA04-111A.html
>
> I checked with Zebra/Quagga folks about BGP; they said it is O/S dependent. So LEAF and even Bering's bgpd.lrp are ok :)

That makes sense because (I think) the TCP stack is maintained by the OS.

scott; canada

> Cheers,
> P