-
April 21st, 2004, 02:23 PM
#11
This is news? Must be a slow day. Until we see it being exploited in the wild, I'm not sure there's a whole lot of reason for concern or shouting...
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
April 21st, 2004, 03:00 PM
#12
-
April 21st, 2004, 03:40 PM
#13
Ok, so now I am curious. I was quite happy with thehorse13's explanation at the top.
So one of two things is happening, and I strongly suspect that part of it is to generate publicity for Watson's upcoming conference....
Either it really is a potential problem, and nobody has stumbled across it in the last year since its discovery (which I find unlikely)..
Or the media is blowing everything wholly out of proportion, which we all know the American press in inclined to do anyway. The part I find intriguing is that it's spreading to other more credible sources... so now I'm not exactly sure what to think. I guess we'll just have to wait and see.
-
April 22nd, 2004, 07:42 AM
#14
TCP Vulnerability
Heads up everyone, anything that uses the TCP protocal is in for some serious crap:
http://www.infoworld.com/article/04/...warning_1.html
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
-Walt Whitman-
-
April 22nd, 2004, 07:49 AM
#15
Hey Hey,
For anyone who's interested, there's some what of a discussion @ http://www.antionline.com/showthread...hreadid=256932
I believe it was mentioned in another thread as well, but that's the only one that really had any activity.
Thanks for the new link on the subject LB.
Peace,
HT
-
April 22nd, 2004, 08:01 AM
#16
Before going off the deep end on this like most people have, please read the SANS ISC report
http://isc.sans.org/diary.php?date=2004-04-20
and take a good look at the solutions and what is truly affected. Some vendors have previously, or recently fixed this already (or at least fixed to the best of they're ability). This report also reiterates the most likely use of this flaw. If you werent using checksums on your BGP and VPN's everywhere possible you should be now.....
On a coincedental note, I wonder what with all the recent major vulnerabilites popping out why the media chose to latch on to this one?? It's big but the recent SSL issues and even todays Cisco SNMP issue are just as likely to affect backbones....
the Cisco SNMP reload issue can be found here:
http://www.cisco.com/warp/public/707...420-snmp.shtml
They are right though, when it rains it pours!! While we all wait for vendor patches, watch in amazement as 80% of the world doesnt patch, and scream in anguish at the systems we cant patch we can only hope that it gets better? I shoulda been a garbageman.
~THEJRC~
I\'ll preach my pessimism right out loud to anyone that listens!
I\'m not afraid to be alive.... I\'m afraid to be alone.
-
April 22nd, 2004, 08:16 AM
#17
It's an old theory, but a new way to exploit the flaw. The reason for the uproar is that it is so widely effecting. In all the documentation mention of checksumming bgp transmission to mitigate this is there, and honestly if your running a core router (or even a small network router) with BGP and your not checksumming... then maybe you shouldnt be in charge of that router. Much like any other state based attack this can open the door for yet another bunch of scripts for yet another bunch of losers to use to launch yet another type of denial of service... And while activity may hit in the short term and it may cause some problems... eventually it will calm, and end up being just another denial of service.... which makes me wonder.... if everyone used ingress filtering, broadcast amplification wouldnt be a problem and yet broadcast based DDOS attacks are still just as possible. Perhaps we're just looking at another pain in the netadmins arse...
Or I could be off base and the age old TCP protocol may be in desparate need of revamping, why IPV6 never rolled the way they planned is another question we may need to ask. Rates right up there with why people still dont update antivirus, why VPN's arent in use more often, and why we've all become so reliant on vendors to patch things in "the nick of time".
/end rant
~THEJRC~
I\'ll preach my pessimism right out loud to anyone that listens!
I\'m not afraid to be alive.... I\'m afraid to be alone.
-
April 22nd, 2004, 10:16 AM
#18
Junior Member
for all the "kiddies", I decided to go ahead and make a tool that can execute this attack. this way people will have something they can actually play with, see how it works and understand what the impact is.
You can read about it at www.iamaphex.net
Or you can download the tool directly from http://www.iamaphex.net/modules.php?...q=getit&lid=52
This works on Windows 2K and XP only (untested on 2003) because it needs raw sockets to spoof the ip addresses.
-
April 22nd, 2004, 10:38 AM
#19
I'm just waiting to see what happens when after Cisco releases its new IOS, only 20% of network admins upgrade.
I can see your vision JRC, it is kinda like the beginning of Terminator. A network admin is at his office at his computer. He has just downloaded the latest patches for everything, however he decides that he will patch everything tommorrow.
Then you just pan through a bunch of burning computers where his network once stood while giant armored skiddes run through with their DoS Guns from the future.
(Add On)
You know, after going to the "affamed" hackers webpage www.terrorist.net I don't think the net has anything to worry about. If the kid that claims he can take down the internet can't even construct a working webpage, well...<insert sarcasm here>
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
-Walt Whitman-
-
April 22nd, 2004, 10:45 AM
#20
Merged another thread into here.
for all the "kiddies", I decided to go ahead and make a tool that can execute this attack. this way people will have something they can actually play with, see how it works and understand what the impact is.
Don't I know you from somewhere??
Something does strike me about this and perhaps I missed it in all the other posts but don't you need to know that the connection exists to be able to kill it and doesn't ettercap do this already!? (maybe I'm missing something here..)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|