Cisco Vulnerability in a Variant of the TCP Timestamps Option
Cisco yesterday reported a vulnerability with some implementations of the Transmission Control Protocol (TCP) Timestamps option (RFC1323) are vulnerable to a Denial of Service (DoS) attack from specifically crafted packets. Cisco also states that only certain implementations of the TCP Timestamps option are vulnerable. The entire security alert can be found here: http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
It's a little broader than just cisco equipment. http://www.securityfocus.com/bid/13676 "Fergie (Paul Ferguson)" <fergdawg@netzero.net> Sent by: owner-nanog@merit.edu 05/19/2005 10:11 AM To nanog@merit.edu cc Subject Cisco Vulnerability in a Variant of the TCP Timestamps Option Cisco yesterday reported a vulnerability with some implementations of the Transmission Control Protocol (TCP) Timestamps option (RFC1323) are vulnerable to a Denial of Service (DoS) attack from specifically crafted packets. Cisco also states that only certain implementations of the TCP Timestamps option are vulnerable. The entire security alert can be found here: http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
participants (2)
-
Fergie (Paul Ferguson)
-
trainier@kalsec.com