GEN:SID | 1:2523 |
Message | DOS BGP spoofed connection reset attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Transmission Control Protocol (TCP) used in Border Gateway Protocol (BGP).
|
Impact | Denial of Service (DoS).
|
Detailed Information | The Border Gateway Protocol uses TCP to maintain sessions when handling DNS queries. A vulnerability in the core implementation of TCP may make it possible for an attacker to reset a number of connections and cause a Denial of Service (DoS) to occur.
The attack is possible because the listening service will accept a TCP sequence number within a range of what is expected in an established session. Since BGP relies on an established TCP session state, guessing a suitable sequence number to reset connections is feasible.
|
Affected Systems | Various implementations of TCP by multiple vendors
|
Attack Scenarios | An attcker needs to send a specially crafted packet to reset a connection.
|
Ease of Attack | Simple. Exploits are available.
|
Corrective Action | Apply the appropriate vendor supplied patches
|
Additional References | |
Rule References | bugtraq: 10183
cve: 2004-0230
url: www.uniras.gov.uk/vuls/2004/236929/index.htm
|