Knowledge about vulnerabilities in the TCP protocol has been published by the US Computer Emergency Response Team (CERT) as well as the UK National Infrastructure Security Coordination Center (NISCC).
The problems are serious in that they can affect a wide array of platforms including many types of routers used to operate the Internet at top tier Internet service providers. Potential problems include session resets which result in denial of service attacks as well as the potential to inject data into TCP-based sessions.
According to CERT and NISCC the Border Gateway Protocol (BGP) could be most vulnerable since BGP sessions rely on persistent connections between peers. The interruption of BGP sessions could result in network outages of varying lengths of time depending on how devices are configured. However, BGP sessions could be better protected against potential attacks by using MD5 signatures or by using IPSec to tunnel BGP sessions. IPSec can prevent data injections as well as session resets.
Numerous vendors have released their own related bulletins, including Cisco, Lucent, Check Point, Juniper, Nortel, SGI, Cray, Certicom, and more. The Internet Storm Center (ISC) reports that a new TCP reset tool was released for Windows so be sure to read the bulletins from CERT and NISCC and check with your vendors for workarounds and patches to the problems.
