At 02:26 PM 20/04/2004, Dag-Erling Sm=F8rgrav wrote: >Dragos Ruiu <dr@kyx.net> writes: > > On April 20, 2004 10:44 am, Dag-Erling Sm=F8rgrav wrote: > > > The advisory grossly exaggerates the impact and severity of this > > > fea^H^H^Hbug. The attack is only practical if you already know the > > > details of the TCP connection you are trying to attack, or are in a > > > position to sniff it. > > This is not true. The attack does not require sniffing. > >You need to know the source and destination IP and port. In most >cases, this means sniffing. BGP is easier because the destination >port is always 179 and the source and destination IPs are recorded in >the whois database, but you still need to know the source port. While true, you do need the source port, how long will it take to=20 programmatically go through the possible source ports in an attack ? That=20 only adds 2^16-1024 to blast through ---Mike >DES >-- >Dag-Erling Sm=F8rgrav - des@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"