Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 34

Thread: Core Internet technology found vulnerable

  1. #11
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    This is news? Must be a slow day. Until we see it being exploited in the wild, I'm not sure there's a whole lot of reason for concern or shouting...
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  2. #12
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    -Simon \"SDK\"

  3. #13
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    Ok, so now I am curious. I was quite happy with thehorse13's explanation at the top.

    So one of two things is happening, and I strongly suspect that part of it is to generate publicity for Watson's upcoming conference....

    Either it really is a potential problem, and nobody has stumbled across it in the last year since its discovery (which I find unlikely)..

    Or the media is blowing everything wholly out of proportion, which we all know the American press in inclined to do anyway. The part I find intriguing is that it's spreading to other more credible sources... so now I'm not exactly sure what to think. I guess we'll just have to wait and see.

  4. #14
    Senior Member
    Join Date
    Sep 2003
    Posts
    500

    TCP Vulnerability

    Heads up everyone, anything that uses the TCP protocal is in for some serious crap:

    http://www.infoworld.com/article/04/...warning_1.html
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  5. #15
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,


    For anyone who's interested, there's some what of a discussion @ http://www.antionline.com/showthread...hreadid=256932

    I believe it was mentioned in another thread as well, but that's the only one that really had any activity.

    Thanks for the new link on the subject LB.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #16
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    Before going off the deep end on this like most people have, please read the SANS ISC report

    http://isc.sans.org/diary.php?date=2004-04-20

    and take a good look at the solutions and what is truly affected. Some vendors have previously, or recently fixed this already (or at least fixed to the best of they're ability). This report also reiterates the most likely use of this flaw. If you werent using checksums on your BGP and VPN's everywhere possible you should be now.....

    On a coincedental note, I wonder what with all the recent major vulnerabilites popping out why the media chose to latch on to this one?? It's big but the recent SSL issues and even todays Cisco SNMP issue are just as likely to affect backbones....

    the Cisco SNMP reload issue can be found here:

    http://www.cisco.com/warp/public/707...420-snmp.shtml

    They are right though, when it rains it pours!! While we all wait for vendor patches, watch in amazement as 80% of the world doesnt patch, and scream in anguish at the systems we cant patch we can only hope that it gets better? I shoulda been a garbageman.
    ~THEJRC~
    I\'ll preach my pessimism right out loud to anyone that listens!
    I\'m not afraid to be alive.... I\'m afraid to be alone.

  7. #17
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    It's an old theory, but a new way to exploit the flaw. The reason for the uproar is that it is so widely effecting. In all the documentation mention of checksumming bgp transmission to mitigate this is there, and honestly if your running a core router (or even a small network router) with BGP and your not checksumming... then maybe you shouldnt be in charge of that router. Much like any other state based attack this can open the door for yet another bunch of scripts for yet another bunch of losers to use to launch yet another type of denial of service... And while activity may hit in the short term and it may cause some problems... eventually it will calm, and end up being just another denial of service.... which makes me wonder.... if everyone used ingress filtering, broadcast amplification wouldnt be a problem and yet broadcast based DDOS attacks are still just as possible. Perhaps we're just looking at another pain in the netadmins arse...

    Or I could be off base and the age old TCP protocol may be in desparate need of revamping, why IPV6 never rolled the way they planned is another question we may need to ask. Rates right up there with why people still dont update antivirus, why VPN's arent in use more often, and why we've all become so reliant on vendors to patch things in "the nick of time".

    /end rant
    ~THEJRC~
    I\'ll preach my pessimism right out loud to anyone that listens!
    I\'m not afraid to be alive.... I\'m afraid to be alone.

  8. #18
    Junior Member
    Join Date
    Apr 2004
    Posts
    2
    for all the "kiddies", I decided to go ahead and make a tool that can execute this attack. this way people will have something they can actually play with, see how it works and understand what the impact is.

    You can read about it at www.iamaphex.net

    Or you can download the tool directly from http://www.iamaphex.net/modules.php?...q=getit&lid=52

    This works on Windows 2K and XP only (untested on 2003) because it needs raw sockets to spoof the ip addresses.

  9. #19
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    I'm just waiting to see what happens when after Cisco releases its new IOS, only 20% of network admins upgrade.

    I can see your vision JRC, it is kinda like the beginning of Terminator. A network admin is at his office at his computer. He has just downloaded the latest patches for everything, however he decides that he will patch everything tommorrow.

    Then you just pan through a bunch of burning computers where his network once stood while giant armored skiddes run through with their DoS Guns from the future.

    (Add On)

    You know, after going to the "affamed" hackers webpage www.terrorist.net I don't think the net has anything to worry about. If the kid that claims he can take down the internet can't even construct a working webpage, well...<insert sarcasm here>
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  10. #20
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Merged another thread into here.

    for all the "kiddies", I decided to go ahead and make a tool that can execute this attack. this way people will have something they can actually play with, see how it works and understand what the impact is.
    Don't I know you from somewhere??

    Something does strike me about this and perhaps I missed it in all the other posts but don't you need to know that the connection exists to be able to kill it and doesn't ettercap do this already!? (maybe I'm missing something here..)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •