From: des@des.no (Dag-Erling Smørgrav)
To: Dragos Ruiu
Cc: freebsd-security@freebsd.org
Date: Tue, 20 Apr 2004 20:26:17 +0200
Subject: Re: TCP RST attack

Dragos Ruiu writes:
> On April 20, 2004 10:44 am, Dag-Erling Smørgrav wrote:
> > The advisory grossly exaggerates the impact and severity of this
> > fea^H^H^Hbug. The attack is only practical if you already know the
> > details of the TCP connection you are trying to attack, or are in a
> > position to sniff it.
> This is not true. The attack does not require sniffing.

You need to know the source and destination IP and port. In most
cases, this means sniffing. BGP is easier because the destination
port is always 179 and the source and destination IPs are recorded in
the whois database, but you still need to know the source port.

DES
-- 
Dag-Erling Smørgrav - des@des.no