[ISN] TCP, BGP, DoS, and BS

From: InfoSec News (isn@private)
Date: Fri Apr 23 2004 - 02:20:43 PDT

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>
    
    The sky is falling!  We're all going to die!
    
    No, it's not.  No, we're not.
    
    The latest "death of the net" rumour has to do with a recent paper
    that discusses the fact that something called "session hijacking" can
    be used to force an end to a specific connection (connected sessions
    over the Internet use an arrangement called TCP).  If the session is
    ended or disconnected, you will be effectively denied the service you
    were attempting to obtain.  Connected sessions are used for everything
    from transferring files to connecting to the Internet in special ways
    to virtual private networks.  Sometimes they are used to transfer
    information between the machines that decide where Internet traffic
    goes (called routers).  If the routers can't keep up to date, the
    Internet will not be as effective as it should be.
    
    So you will have heard that there is a new threat to the Internet,
    that it is a denial of service attack, that it can disconnect you from
    the net, that it can kill your sessions, that it affects the routers
    (and a router protocol called BGP), and that sessions can be hijacked.
    
    None of this is new.  What is new is a paper that was originally
    presented in England, caught the attention of the media there, and has
    spread, kinda like a hoax virus warning, from media outlets to
    bandwagon jumpers in the security field and back to the media, around
    the world.
    
    Denial of service attacks are not new.  Session hijacking is not new.  
    Using TCP resets and session hijacking in combination has not been
    used in specific attacks before, but all the parts of this attack are
    well known to people who deal with such things.  There are even ways
    to protect against this attack, and some institutions use them.
    
    So, rather than talking about the death of the net, and "The Man Who
    Saved the Internet":
    
    Net not dead, but was coughing up blood last night.  Phlegm at 11.
    
    
    ======================  (quote inserted randomly by Pegasus Mailer)
    rslade@private      slade@private      rslade@private
    Being in politics is like being a football coach. You have to be
    smart enough to understand the game and dumb enough to think it's
    important.
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Fri Apr 23 2004 - 03:55:58 PDT