Re: tcp vulnerability? haven't seen anything on it here...

From: jamal
Date: Fri Apr 23 2004 - 09:27:35 EST

I think the latency of my earlier email introduced by probably netdev is
creating a lot of "hostile" responses to me ;-> I feel like i am in
hostile path here ;->
I sent that email a long time ago, seems like netdev or my ISP decided
to deliver it now and reordered the delivery. This has happened to me a
few times before with netdev thats why i prefer to cc people whenever i
can (worst case they receive more than one message)
Consider that message obsolete. I know you can create this problem via
brute force as you explained in your later email (that showed up


On Fri, 2004-04-23 at 10:15, alex@xxxxxxxxxxxx wrote:
> > And for something like a huge download to just regular joe, this is more
> > of a nuisance assuming some kiddie has access between you and the
> > server. OTOH, long lived BGP sessions are affected assuming you are
> > going across hostile path to your peer.
> Again - no hostile path necessary. Attack is brute-force and does not rely
> on MITM.
> > So whats all this ado about nothing? Local media made it appear we are
> > all about to die.
> Pretty much.
> >
> > Is anyone working on some fix?
> In networking world, there was a craze of enabling TCP-MD5 for BGP
> sessions reacting to this attack. There is alternative solution, "TTL
> hack", relying that most BGP sessions are between directly-connected
> routers, so if connection originator sets TTL to 255 and receiver verifies
> that TTL on incoming packet is 255, you can be reasonably certain that the
> packet was sent by someone directly connected to you. ;)
> -alex

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at