[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-date: Wed Apr 21 13:22:29 2004 -->
- <!--x-from-r13: rfbgrevp ng 3gvzrf25.arg (Urbsserl) -->
- <!--x-message-id: [email protected] -->
- <!--x-subject: [ale] [Fwd: IETF Draft on Transmission Control Protocol security considerations] -->
- <li><em>date</em>: Wed Apr 21 13:22:29 2004</li>
- <li><em>from</em>: esoteric at 3times25.net (Geoffrey)</li>
- <li><em>subject</em>: [ale] [Fwd: IETF Draft on Transmission Control Protocol security considerations]</li>
-------- Original Message --------
Subject: IETF Draft on Transmission Control Protocol security considerations
Date: Tue, 20 Apr 2004 17:47:06 -0700
From: Thor Larholm <thor at pivx.com>
To: <bugtraq at securityfocus.com>, <ntbugtraq at listserv.ntbugtraq.com>
>From the Abstract:
TCP (RFC793 [1]) is widely deployed and one of the most often used
reliable end to end protocols for data communication. Yet when it was
defined over 20 years ago the internet, as we know it, was a
different place lacking many of the threats that are now common.
Recently several rather serious threats have been detailed that can
pose new methods for both denial of service and possibly data
injection by blind attackers. This document details those threats and
also proposes some small changes to the way TCP handles inbound
segments that either eliminate the threats or at least minimize them
to a more acceptable level.
<a rel="nofollow" href="http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt";>http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt</a>
This is in response to Technical Cyber Security Alert TA04-111A
<a rel="nofollow" href="http://www.us-cert.gov/cas/techalerts/TA04-111A.html";>http://www.us-cert.gov/cas/techalerts/TA04-111A.html</a>
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
<a rel="nofollow" href="http://www.pivx.com";>http://www.pivx.com</a>
thor at pivx.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<<a rel="nofollow" href="http://www.qwik-fix.net";>http://www.qwik-fix.net</a>>
--
Until later, Geoffrey Registered Linux User #108567
Building secure systems in spite of Microsoft
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00883" href="msg00883.html">[ale] [Fwd: IETF Draft on Transmission Control Protocol securityconsiderations]</a></strong>
<ul><li><em>From:</em> runman at speedfactory.net (Greg)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00878.html">[ale] Middle GA Linux User Group</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00880.html">[ale] Fry's Electronics</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00878.html">[ale] Middle GA Linux User Group</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00883.html">[ale] [Fwd: IETF Draft on Transmission Control Protocol securityconsiderations]</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00879"><strong>Date</strong></a></li>
<li><a href="threads.html#00879"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>