Slashdot alerted me to a KernelTrap article about Fernando Gont at the recent OpenBSD hackathon. I mentioned Gont's work in April. The Slashdot post has some surprisingly good commentary, like this historical perspective and this summary.
Three aspects of the KernelTrap story bother me. First, Cisco sounds like it is more interested in patenting a fix for the problem, and less interested in getting the problem fixed in a timely manner. Second, the disclosure process sounds broken, with Gont now preferring to avoid dealing with vendors entirely. Third, Cisco sounds like one of its employees needs a real attitude adjustment:
"'They blamed me for submitting my work,' Fernando said in exasperation. 'One of Cisco's managers of PSIRT said I was cooperating with terrorists, because a terrorist could have gotten the information in the paper I wrote!'"
Sorry, terrorists attack planes, buildings, and (tragically in Spain and now the UK) trains and subway systems. They do not use ICMP to degrade TCP connections.
Kamis, 07 Juli 2005
ICMP Attacks Against TCP Revisited
05.54
No comments
Langganan:
Posting Komentar (Atom)
0 komentar:
Posting Komentar