


Hello Brad,

On 12.01.2023 at 18:34, Brad Stone <bvstone@xxxxxxxxx> wrote:

Here is a link to the IBM document that they used:

https://www.ibm.com/support/pages/tcp-sequence-number-approximation-based-denial-service-cve-2004-0230

From the description I'd say: This is a very theoretical attack vector. Did those guys actually read what's written on there?

Description: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

Some of these "security guys" sometimes have lost common sense. They focus purely on "There's a security issue you didn't address!!!1111", generating boss-panic, but fail a basic reality check: What's the impact and how likely is it that this impact happens? Ask an insurance agent about that topic! They know perfectly well about the concept! :-)

First: The worst thing that can happen is that an existing TCP connection is forced to be reset. OMG! We're all going to die!!

The only long lived TCP (!) connections from or on an IBM i I can think of are 5250 emulation sessions (telnet). I guess there are virtually no shops exposing 5250 to the internet. Yes, pub400 is an exception. If those sessions are routed through a VPN tunnel, there's no direct exposure of TCP packets on the internet. I guess that's how most IBM i are accessed nowadays from outside the local network.

:wq! PoC
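
The window-size dependence in the quoted description, as an added example that is not part of the original post or of IBM's document: a receiver-side model of the RST acceptance check from RFC 793, beside the stricter rule from RFC 5961 (which the thread does not mention). The function names, sequence numbers and window sizes are constructed for illustration.

```python
# Added illustration; all connection state values below are constructed.
SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 check: RCV.NXT <= seq < RCV.NXT + RCV.WND, modulo 2**32.

    With a zero window only seq == RCV.NXT is acceptable.
    """
    return (seq - rcv_nxt) % SEQ_SPACE < max(rcv_wnd, 1)


def rst_action_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original behaviour: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rst_action_rfc5961(seq, rcv_nxt, rcv_wnd):
    """Hardened behaviour: only an exact match on RCV.NXT resets."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "challenge-ack"  # receiver asks the real peer to confirm
    return "drop"


def blind_hit_probability(rcv_wnd, exact_match=False):
    """Chance that one uniformly random sequence number causes a reset."""
    accepted = 1 if exact_match else max(rcv_wnd, 1)
    return accepted / SEQ_SPACE


if __name__ == "__main__":
    rcv_nxt = 0xFFFFF000  # constructed value close to the wrap point
    for wnd in (8192, 65536, 1 << 20):
        print(f"window {wnd:>8}: "
              f"rfc793 p={blind_hit_probability(wnd):.2e}  "
              f"rfc5961 p={blind_hit_probability(wnd, True):.2e}")
    # A sequence number past the wrap point is still inside the window.
    print(rst_action_rfc793(0x00000100, rcv_nxt, 8192))
    print(rst_action_rfc5961(0x00000100, rcv_nxt, 8192))
```
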


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.