[geeks] Ouch... I smell the internet going down soon.

Mike Meredith mike at blackhairy.demon.co.uk
Tue Apr 20 16:57:11 CDT 2004


On Tue, 20 Apr 2004 14:11:29 -0400, Thomas Gallaway wrote:
> This looks rather serious. Flaw in TCP....
> 
> http://story.news.yahoo.com/news?tmpl=story&cid=562&ncid=738&e=1&u=/ap/20040420/ap_on_hi_te/internet_threat

Some of the more level-headed people on NANOG think the danger is
overstated (and that's putting it mildly). Given the explanations
floating around there, it also seems so to me ... although this stuff is
a little deeper than I usually work at and I've got a head cold right
now.

In addition to guessing the TCP sequence number window, an attacker
would also need to guess the source port number which decreases the
probability of getting the right numbers considerably. Someone has
calculated that without knowledge an attack would take at least 59
hours.

There are easier ways to attack a service.

It's also not new ... it's pretty much plainly stated in RFC793. If it
was a major problem, wouldn't it have been used by now?
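The probability argument in the reply above (window guess multiplied by source-port guess) can be made concrete. The following is an added illustration, not code from the post or from any of the people quoted; the receive window, the ephemeral port range and the packet rate are assumed values chosen for the example, and the 59-hour figure mentioned in the post is not reproduced here. It counts the worst-case number of forged segments an off-path sender would need to exhaust the search space under classic RFC 793 acceptance (a RST anywhere inside the receive window is honoured) and under the RFC 5961 rule (a RST is accepted only when its sequence number equals RCV.NXT, otherwise the receiver answers with a challenge ACK), so the effect of source-port randomisation and of the stricter check is visible side by side.

```python
"""
Search-space estimate for a blind TCP reset against one connection:
an off-path sender must hit a sequence number the receiver accepts AND
the right source port. Window size, port range and packet rate below
are assumed illustration values, not figures from the mailing-list post.
"""

SEQ_SPACE = 2 ** 32  # 32-bit TCP sequence-number space


def seq_guesses(window: int, exact_match_only: bool = False) -> int:
    """Distinct sequence-number values needed to cover the whole space.

    Classic RFC 793 behaviour accepts a RST anywhere inside the receive
    window, so the 2^32 space collapses into ceil(2^32 / window) buckets.
    With the RFC 5961 check (RST honoured only when SEG.SEQ == RCV.NXT,
    otherwise a challenge ACK is sent) every one of the 2^32 values
    would have to be tried.
    """
    if exact_match_only:
        return SEQ_SPACE
    if window <= 0:
        raise ValueError("window must be positive")
    return -(-SEQ_SPACE // window)  # ceiling division


def ephemeral_port_candidates(low: int = 1024, high: int = 65535) -> int:
    """Number of source ports to try when the client port is unknown
    (assumed range: the classic 1024..65535 ephemeral range)."""
    return high - low + 1


def blind_rst_search_space(window: int, port_candidates: int,
                           exact_match_only: bool = False) -> int:
    """Worst-case number of forged segments to exhaust both unknowns."""
    return seq_guesses(window, exact_match_only) * port_candidates


def worst_case_hours(segments: int, packets_per_second: float) -> float:
    """Time to send every candidate at an assumed packet rate."""
    return segments / packets_per_second / 3600


if __name__ == "__main__":
    window = 16384   # assumed 16 KiB receive window
    pps = 100_000    # assumed rate of forged packets reaching the target
    for label, ports in (("source port known", 1),
                         ("source port unknown", ephemeral_port_candidates())):
        classic = blind_rst_search_space(window, ports)
        strict = blind_rst_search_space(window, ports, exact_match_only=True)
        print(f"{label:20s} RFC 793: {classic:>14,d} segments "
              f"({worst_case_hours(classic, pps):8.1f} h)  "
              f"RFC 5961: {strict:>20,d} segments")
```

With the assumed 16 KiB window, an unknown source port multiplies the classic search space by about 64,000, which is the point the reply makes; the RFC 5961 exact-match rule removes the window shortcut entirely, which is why modern stacks adopt it for long-lived sessions such as BGP. Larger windows (window scaling) shrink the classic search space, so the window size is the parameter a defender should watch most closely.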



More information about the geeks mailing list