Re: TCP Vulnerabilities - Windows affected?

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 04/25/04


Date: Sun, 25 Apr 2004 16:36:48 -0400

Using spoofed TCP resets [and SYNs] to close connections affects pretty much
every OS, and probably will for a long time. It's a problem with IPv4, not
any one OS. BGP is the one discussed the most because it may be more
adversely impacted by a few TCP sessions being falsely reset. For example,
while Windows is theoretically vulnerable, would you really notice if one of
your Internet Explorer sessions was reset? Probably not.

It should also be noted that if the Internet was really at a huge risk of
problems due to this, it probably would already have happened by now. There
are a number of things that make this attack a little harder to execute than
the news articles made it sound like, and the author of the original article
seems to agree. Primarily, these attacks require that you know the source
and destination IP addresses and port numbers involved in the connection.
Despite what the original article says, this information is not trivial to
guess and probably isn't worth someone's time to do on most Windows systems.

"Alan" <anonymous@discussions.microsoft.com> wrote in message
news:B5075C85-26EA-4A26-A3BB-6A6A9B2DBCBB@microsoft.com...
> Are any of Microsoft's products vulnerable to the recent TCP
> Vulnerabilities?
>
> US-CERT: Technical Cyber Security Alert TA04-111A
> US-CERT: Vulnerability Note VU#415294
>
> Alan


