Re: TCP-RST Vulnerability - Doubt

From: David S. Miller
Date: Fri Jun 25 2004 - 17:12:53 EST

Next message: Prakash K. Cheemplavam: "Re: 2.6.7-ck2 (was Re: 2.6.7-ck1)"
Previous message: Adrian Bunk: "Re: [2.6 patch] fix arch/i386/pci/Makefile"
In reply to: saiprathap: "TCP-RST Vulnerability - Doubt"
Next in thread: Andre Tomt: "Re: TCP-RST Vulnerability - Doubt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 25 Jun 2004 15:20:50 -0600
saiprathap <saiprathap@xxxxxxxxxx> wrote:

> I am a graduate research student majoring in the field of
> Computer Networking.As part of my research I have sorted out what FreeBSD has
> done to overcome the TCP-RST vulnerability (by modifying the stack to accept
> the RST packets only with the current + 1 sequence number and ignoring the
> rest, even if their sequence numbers fall within the receiving window).
>
> Could you kindly share your views regarding what Linux has done to its stack
> to overcome this vulnerability as it will be of great help to my research.

We have done nothing, and there are no plans to implement any workaround
for this problem.

RFC2385 MD5 hashing support is going in soon, and for the application where
the vulnerability actually matters (BGP sessions between backbone routers)
MD5 clears that problem right up and they're all using MD5 protection already
anyways.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Prakash K. Cheemplavam: "Re: 2.6.7-ck2 (was Re: 2.6.7-ck1)"
Previous message: Adrian Bunk: "Re: [2.6 patch] fix arch/i386/pci/Makefile"
In reply to: saiprathap: "TCP-RST Vulnerability - Doubt"
Next in thread: Andre Tomt: "Re: TCP-RST Vulnerability - Doubt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]