From; Panda Oxygen3 24h-365d: "I am not discouraged, because every wrong attempt discarded is another step forward." Thomas Alva Edison (1847-1931); US physicist and inventor. - Multiple systems affected by a vulnerability in TCP - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, April 21, 2004 - US-CERT/CC has published, at http://www.us-cert.gov/cas/techalerts/TA04-111A.html, an advisory about a vulnerability in TCP that could allow a malicious user to carry out denial of service attacks. This is a serious problem, as multiple implementations of the BGP (Border Gateway Protocol) rely on TCP to maintain permanent unauthenticated network sessions. Therefore, the vulnerability detected could allow remote attackers to terminate network sessions. Although BGP (designed to exchange information between routers and other devices) has been identified as vulnerable, the problem could affect any other protocol or service that rely on persistent TCP connections. Some manufacturers, such as Cisco (*), have already published advisories about the impact of this vulnerability on their systems. As a workaround, users are recommended to implement and use cryptographically secure protocols. Similarly, users are advised to keep informed about the updates published by the manufacturers of affected products. (*) The advisories published by Cisco are available at: http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member