mailing list archives
Re: Vulnerability in TCP
From: Valdis.Kletnieks () vt edu
Date: Fri, 25 Jun 2010 21:14:08 -0400
On Fri, 25 Jun 2010 14:49:00 EDT, musnt live said:
TCP is called Transmission Control Protocol and it can be with easily
Only if the vendor is Doing It Very Wrong.
RFC1948 Defending Against Sequence Number Attacks. S. Bellovin. May 1996.
(Format: TXT=13074 bytes) (Status: INFORMATIONAL)
A few years later, Michal Zalewski wrote a paper about it:
And a year after that, a follow up:
The problem was known for a long time before that:
R.T. Morris, "A Weakness in the 4.2BSD UNIX TCP/IP Software",
CSTR 117, 1985, AT&T Bell Laboratories, Murray Hill, NJ.
Any vendor still botching it in 2010 deserves to be mocked mercilessly.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/