> Just got the advisory and it makes me a bit nervous. We are currently
> using appropriate filters on both internal and external routers of our screened
> gateway, so I am not too worried about the spoofing bit. But the
> hijacked connections make me wonder. Several of our internal folks
> regularly use the SNK-004 keys to telnet in from outside. I suppose
> if someone has written a tool to guess TCP sequence numbers and it is
> being actively distributed (hence the article, the advisory, etc), is
> it just a matter of running it to hijack a telnet session in progress? I
> suppose the intruder would have to be along the path of the connection, no?
> Egad, what can be done about this?? I suppose end-to-end encrypted telnet
> would help, but that is certainly not an easy solution...
I would think that a tool that controls (return) tcp port connectivity
would make this entire issue moot, or at least throw a big monkey wrench
in the entire predictability scheme.
US Sprint tel: 703.689.6828
Managed Network Engineering internet: paul @
Reston, Virginia USA http://www.sprintmrn.com
From: z056716 @
com (LaCoursiere J. D. (Jeff))