Quoting Kurt Seifried <[EMAIL PROTECTED]>: > According to the Cisco presentation afterwards, Cisco's RST behavior makes > it non vulnerable as there is a wait period after a certain number of bad > RST packets are recieved. Thus Cisco IOS is basically not affected.
So, this advisory on Cisco's site is a hoax? It states: "Products which contain a TCP stack are susceptible to this vulnerability. All Cisco products and models are affected." http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml Regards, Sullo -- http://www.cirt.net/ | http://www.osvdb.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
