Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2523 |
Message | DOS BGP spoofed connection reset attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Transmission Control Protocol (TCP) used in Border Gateway Protocol (BGP). |
Impact | Denial of Service (DoS). |
Detailed Information | The Border Gateway Protocol uses TCP to maintain sessions when handling DNS queries. A vulnerability in the core implementation of TCP may make it possible for an attacker to reset a number of connections and cause a Denial of Service (DoS) to occur. The attack is possible because the listening service will accept a TCP sequence number within a range of what is expected in an established session. Since BGP relies on an established TCP session state, guessing a suitable sequence number to reset connections is feasible. |
Affected Systems | Various implementations of TCP by multiple vendors |
Attack Scenarios | An attcker needs to send a specially crafted packet to reset a connection. |
Ease of Attack | Simple. Exploits are available. |
Corrective Action | Apply the appropriate vendor supplied patches |
Additional References | |
Rule References | bugtraq: 10183 cve: 2004-0230 url: www.uniras.gov.uk/vuls/2004/236929/index.htm |
--
DID:727730
--
http://www.aanval.com/