Hello Brad,
On 12.01.2023 at 18:34, Brad Stone <bvstone@xxxxxxxxx> wrote:
Here is a link to the IBM document that they used: https://www.ibm.com/support/pages/tcp-sequence-number-approximation-based-denial-service-cve-2004-0230
From the description I'd say: This is a very theoretical attack vector.
Did those guys actually read what's written on there?
Description: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service
(connection loss) to persistent TCP connections by repeatedly injecting a
TCP RST packet, especially in protocols that use long-lived connections,
such as BGP.
Some of these "security guys" sometimes have lost common sense. They focus
purely on "There's a security issue you didn't address!!!1111". Generating
boss-panic but fail a basic reality check: What's the impact and how
likely is it that this impact happens? Ask an insurance agent about that
topic! They know perfectly well about the concept! :-)
First: The worst thing that can happen is that an existing TCP connection
is forced to be reset. OMG! We're all going to die!!
The only long lived TCP (!) connections from or on an IBM i I can think of
are 5250 emulation sessions (telnet). I guess there are virtually no shops
exposing 5250 to the internet. Yes, pub400 is an exception. If those
sessions are routed through a VPN tunnel, there's no direct exposure of TCP
packets on the internet. I guess that's how most IBM i are accessed
nowadays from outside the local network.
:wq! PoC
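
The window-size point in the quoted CVE description, as an added example that is not part of the original e-mail or of IBM's document: a model of the receiver-side RST check, comparing the original in-window acceptance rule with the stricter rule from RFC 5961. Function names and sample values are constructed for illustration, and the model assumes the connection's addresses and ports are already known to the sender of the RST.

```python
# Added example: models the receiver's RST validation only; no packets are sent.
SEQ_SPACE = 2**32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is acceptable for a zero-length segment (modulo 2**32)."""
    if rcv_wnd == 0:
        return seq == rcv_nxt  # zero window: only the exact next byte fits
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original rule: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rst_rfc5961(seq, rcv_nxt, rcv_wnd):
    """RFC 5961 rule: exact match resets, other in-window RSTs get a challenge ACK."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    return "reset" if seq == rcv_nxt else "challenge_ack"


def tally(rule, rcv_nxt, rcv_wnd, candidates):
    """Count each outcome of `rule` over an iterable of sequence numbers."""
    counts = {"reset": 0, "challenge_ack": 0, "drop": 0}
    for seq in candidates:
        counts[rule(seq, rcv_nxt, rcv_wnd)] += 1
    return counts


def single_segment_odds(rcv_wnd, strict):
    """Chance that one blind RST with a uniformly random seq resets the connection."""
    accepting = 1 if (strict or rcv_wnd == 0) else rcv_wnd
    return accepting / SEQ_SPACE


if __name__ == "__main__":
    # Constructed sample: receiver state just below the 32-bit wrap point.
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 1024
    probes = [(rcv_nxt + d) % SEQ_SPACE for d in range(-2000, 3000)]
    print("RFC 793 :", tally(rst_rfc793, rcv_nxt, rcv_wnd, probes))
    print("RFC 5961:", tally(rst_rfc5961, rcv_nxt, rcv_wnd, probes))
    for wnd in (1024, 65535):
        print(wnd, single_segment_odds(wnd, False), single_segment_odds(wnd, True))
```

Under the original rule the odds scale linearly with the receive window, which is why the description singles out large windows; under the RFC 5961 rule they no longer depend on the window at all.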
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list