Thursday, April 22, 2004

TCP RSTs

Just a quick one...

The hot topic of the week is the TCP RST vulnerability. Dana Epp has a post about it.

Personally, I don't think that it's that big of an issue because you need the following:
  - Src & Dst IP (one of which is more or less dynamic)
  - Src & Dst Port (one of which is ephemeral)
  - the range of sequence #'s (which are in a sliding window).

For this type of attack to be successful, you either:
  - need to be inline so that you can sniff the one IP, the ephemeral port, and the sequence number window, or
  - need a massively distributed zombie army to brute force the same information.

Certain protocols which use consistent source and/or destination IPs and/or ports are statistically more at risk, but I still don't think it's that much of a vulnerability. Local wireless attacks are more likely, as being "inline" only requires proximity to the AP.

Then again, I could be wrong.
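
An added example, not part of the original post: a model of the receiver-side check the requirements list depends on. A RST that already matches the 4-tuple is honoured only if its sequence number falls inside the receive window, so the blind search space is about 2^32 / window per candidate port. The window size and port count are constructed values, and the `strict` option models the exact-match rule of RFC 5961, which the post does not mention.

```python
import math

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test for a zero-length segment such as a RST."""
    if rcv_wnd == 0:
        return seq == rcv_nxt
    # Modular subtraction keeps the comparison correct across the 2**32 wrap.
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_action(seq, rcv_nxt, rcv_wnd, strict=False):
    """Receiver decision for a RST whose 4-tuple already matches a connection.

    strict=False: classic behaviour, any in-window RST resets the connection.
    strict=True:  RFC 5961 behaviour, only seq == RCV.NXT resets; any other
                  in-window value is answered with a challenge ACK instead.
    """
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if strict and seq != rcv_nxt:
        return "challenge-ack"
    return "reset"


def blind_guesses(rcv_wnd, candidate_ports=1, strict=False):
    """Worst-case segments needed to land one accepted RST without sniffing.

    candidate_ports is how many ephemeral ports still have to be tried;
    1 means the port is already known (fixed or predictable ports).
    """
    per_port = SEQ_SPACE if strict else math.ceil(SEQ_SPACE / max(rcv_wnd, 1))
    return per_port * candidate_ports


if __name__ == "__main__":
    WINDOW = 16384   # constructed receive window
    PORTS = 3976     # constructed ephemeral range, e.g. ports 1024-4999
    print("port known, classic check :", blind_guesses(WINDOW))
    print("port unknown, classic     :", blind_guesses(WINDOW, PORTS))
    print("port known, exact match   :", blind_guesses(WINDOW, strict=True))
```

A larger window or a predictable port shrinks the search space, which is why long-lived sessions on fixed endpoints are the cases worth hardening first.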