lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 20 Apr 2004 17:47:06 -0700
From: "Thor Larholm" <thor@...x.com>
To: <bugtraq@...urityfocus.com>, <ntbugtraq@...tserv.ntbugtraq.com>
Subject: IETF Draft on Transmission Control Protocol security considerations


>From the Abstract:

   TCP (RFC793 [1]) is widely deployed and one of the most often used
   reliable end to end protocols for data communication. Yet when it was
   defined over 20 years ago the internet, as we know it, was a
   different place lacking many of the threats that are now common.
   Recently several rather serious threats have been detailed that can
   pose new methods for both denial of service and possibly data
   injection by blind attackers. This document details those threats and
   also proposes some small changes to the way TCP handles inbound
   segments that either eliminate the threats or at least minimize them
   to a more acceptable level.

http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt


This is in response to Technical Cyber Security Alert TA04-111A

http://www.us-cert.gov/cas/techalerts/TA04-111A.html




Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 




Powered by blists - more mailing lists