lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <171552.1277514848@localhost>
Date: Fri, 25 Jun 2010 21:14:08 -0400
From: Valdis.Kletnieks@...edu
To: musnt live <musntlive@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Vulnerability in TCP

On Fri, 25 Jun 2010 14:49:00 EDT, musnt live said:
> TCP is called Transmission Control Protocol and it can be with easily
> testing spoofed.

Only if the vendor is Doing It Very Wrong.

RFC1948 Defending Against Sequence Number Attacks. S. Bellovin. May 1996.
     (Format: TXT=13074 bytes) (Status: INFORMATIONAL)

A few years later, Michal Zalewski wrote a paper about it:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.96.9652&rep=rep1&type=pdf

And a year after that, a follow up:
http://www.packetstormsecurity.org/papers/protocols/newtcp.htm

The problem was known for a long time before that:
R.T. Morris, "A Weakness in the 4.2BSD UNIX TCP/IP Software",
CSTR 117, 1985, AT&T Bell Laboratories, Murray Hill, NJ.
http://pdos.csail.mit.edu/~rtm/papers/117-abstract.html

Any vendor still botching it in 2010 deserves to be mocked mercilessly.

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ