| 1 |
On 20.04.2004 22:31, Devon wrote: |
| 2 |
|
| 3 |
> I think they focused on BGP because bringing down BGP connections would |
| 4 |
> cause route damping and take networks offline and cause outages for a |
| 5 |
> larger portion of people versus sending a RST for someone's large FTP |
| 6 |
> download. :) Unless my understanding is wrong, this would affect *any* |
| 7 |
> established TCP connection that is open for a period of time. |
| 8 |
|
| 9 |
Yep... and it seems to be an easier target, cause it uses long lived TCP |
| 10 |
connections and the ports are sometimes available through looking |
| 11 |
glasses. (taken from above article) |
| 12 |
|
| 13 |
> Does anyone have any information about the Linux kernel? I checked the |
| 14 |
> linux-kernel ML at MARC, but I didn't see anything about it. I saw |
| 15 |
> something from Theo on the OpenBSD mailing list that OpenBSD had some |
| 16 |
> protection already. I saw some discussion on the FreeBSD mailing lists |
| 17 |
> and the Debian mailing lists also. |
| 18 |
|
| 19 |
Not sure. What first came to my mind is some configuration option in a |
| 20 |
grsecurity patched kernel, which replaces the way of selecting ISNs from |
| 21 |
the way Linux does to how OpenBSD does... random that seems to be. |
| 22 |
|
| 23 |
|
| 24 |
According to posts on NANOG, this appears to be the reason why md5 |
| 25 |
authentication seems to be spreading wider lately. |
| 26 |
|
| 27 |
Matthias |
| 28 |
|
| 29 |
P.S.: |
| 30 |
Only had a very quick look, so I hope I'm not mistaken. |
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
-- |
| 35 |
gentoo-security@g.o mailing list |
Archives