Title: TCP/IP Sequence Prediction Blind Reset Spoofing DoS
Apr 20, 2004
Jul 30, 2003
The TCP stack implementation of numerous vendors contains a flaw that may allow a remote denial of service. The issue is triggered when spoofed TCP Reset packets are received by the targeted TCP stack, and will result in loss of availability for the attacked TCP services.
Local Access Required,
Remote / Network Access
Denial of Service,
Loss of Availability
Install vendor upgrades or patches to resolve this issue. Routers using BGP are highly recommended to implement RFC-2385 (BGP TCP MD5 Signatures) as a work-around.