Table of Contents
The DHS advisory is a good source of background information about the
It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also signficantly affected by having its connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack.
The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat:
Red Hat does not have any plans for action regarding this issue.
CVE description copyright © 2017, The MITRE Corporation