| Author | Message | Time |
|---|---|---|
| Stealth | There has apparently been discovered a vulnerability in the TCP protocol. (SlashDot readers will know this fairly soon if they don't already. ;) ) US-CERT document: http://cert.gov/cas/techalerts/TA04-111A.html British NISCC Vulnerability Advisory: http://www.uniras.gov.uk/vuls/2004/236929/index.htm This could get ugly. (Could this get ugly?) | April 20, 2004, 7:40 PM |
| St0rm.iD | I thought guessing sequence numbers was an old thing? | April 20, 2004, 7:50 PM |
| iago | [quote author=St0rm.iD link=board=2;threadid=6395;start=0#msg55977 date=1082490657] I thought guessing sequence numbers was an old thing? [/quote] If that's the same thing I recently read, it can be done without guessing sequence numbers. All you need to know is the source/dest port/ip. | April 20, 2004, 7:59 PM |
| iago | [quote author=Stealth link=board=2;threadid=6395;start=0#msg55975 date=1082490033] This could get ugly. (Could this get ugly?) [/quote] I don't think so, from what I've seen you rarely know the necessary ports, and even if you do most connections could be remade anyway. I don't see this being much of a problem. | April 20, 2004, 8:01 PM |
| Stealth | Ah well. It's newsworthy, anyways. =) | April 21, 2004, 5:13 AM |