>
> Just got the advisory and it makes me a bit nervous. We are currently
> using appropriate filters on both internal and external routers of our screened
> gateway, so I am not too worried about the spoofing bit. But the
> hijacked connections make me wonder. Several of our internal folks
> regularly use the SNK-004 keys to telnet in from outside. I suppose
> if someone has written a tool to guess TCP sequence numbers and it is
> being actively distributed (hence the article, the advisory, etc), is
> it just a matter of running it to hijack a telnet session in progress? I
> suppose the intruder would have to be along the path of the connection, no?
> Egad, what can be done about this?? I suppose end-to-end encrypted telnet
> would help, but that is certainly not an easy solution...
>
I would think that a tool that controls (return) tcp port connectivity
would make this entire issue moot, or at least throw a big monkey wrench
in the entire predictability scheme.
- paul
_______________________________________________________________________________
Paul Ferguson
US Sprint tel: 703.689.6828
Managed Network Engineering internet: paul @
hawk .
sprintmrn .
com
Reston, Virginia USA http://www.sprintmrn.com
Follow-Ups:
References:
-
CERT advisory
From: z056716 @
uprc .
com (LaCoursiere J. D. (Jeff))
|
|
