Re: (PM) Re: Livingston Portmaster - ISN generation is loosy! (sic)

Josh Richards (jrichard@livingston.com)
Wed, 1 Jul 1998 21:39:14 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: I don't work for Lucent RABU: "Re: (PM) bri@livingston.com no longer at Livingston (fwd)"
Previous message: David Wolfskill: "Re: (PM) MTU size?"

On 1 Jul 1998, David Denney wrote:

> On Tue, Jun 30, 1998 at 01:39:57PM -0500, Todd R. Eigenschink wrote:
> > Making some hacks with Initial Sequence Numbers (ISN), i found something
> > really strange on Livingston Portmasters routers (running ComOS). It seems
> > that the ISN is always 127 :o
> >
> > This is really annoying, because this is really a big security hole (think
> > about IP-Blind Spoofing), and more formally, it do not comply with RFC793.
>
> Is Livingston going to address this major security problem
> with an interim release, or is it going to be the same old
> "ready when it's ready" crap??

It is being looked into...Engineering was notified the minute it showed up
on BugTraq. I'm awaiting official word.

-jr

----
Josh Richards - <jrichard@livingston.com> - <josh@lucent.com>
[Beta Engineer] - LUCENT Technologies - Remote Access Business Unit
<URL:http://www.livingston.com/> * <URL:http://www.lucent.com/dns/>

-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>

Next message: I don't work for Lucent RABU: "Re: (PM) bri@livingston.com no longer at Livingston (fwd)"
Previous message: David Wolfskill: "Re: (PM) MTU size?"