Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
1
Replies

Blind TCP Reset Vulnerability

ahmadfarkhan
Level 1
Level 1

‎08-04-2015 08:46 AM

Hi,

 

I've configured ASR9010 with version 5.2.2 and after scan with retina scanner (beyond trust) found out high risk which is "blind tcp reset vulnerability". Did cisco has SMU to patch this risk or any command that can use to eliminate this attack ?. Many thanks.

 

Labels:
0 Helpful
1 Reply 1

xthuijs
Cisco Employee
Cisco Employee

‎08-04-2015 11:15 AM

hi ahmad,

this is a rather artificial and academic attack possibility:

the attacker has to know the precise source/dest on L3 and L4 and then guesstimate the sequence number in order to exploit this.

since in XR BGP, the most likely potential for this "attack" because of long lived tcp sessions is protected heavily by LPTS with a full tupple of L3/L4 info and even possibility of TTL check in hardware (and if no match it will get dropped in hw also) there is a very small chance that someone may be able to get any possibly joy out of this.

Other TCP sessions such as telnet or ftp are too short lived for it to be even worth attacking/exploiting.

If you are truly concerned about this adding ttl security and possibly md5 for bgp will alleviate this all together.

regards!

xander

0 Helpful
Customers Also Viewed These Support Documents