Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)

From: Jacques A. Vidrine (nectar_at_FreeBSD.org)
Date: 04/21/04

    Date: Wed, 21 Apr 2004 06:07:04 -0500
    To: Mike Silbersack <silby@silby.com>
    
    

    On Wed, Apr 21, 2004 at 01:50:28AM -0500, Mike Silbersack wrote:
    >
    > On Tue, 20 Apr 2004, Don Lewis wrote:
    >
    > > I am concerned that step C will not solve the compatibility problem. The
    > > FreeBSD host is sending a FIN to close an established connection, and
    > > the peer host adding the window size advertised in the FIN packet to the
    > > sequence number acknowledged in the FIN packet, and using the sum as the
    > > sequence number for the RST packet, which puts the sequence number at
    > > the end of the receive window.
    >
    > Would it be feasible for us to create a four to five element array to
    > track "resettable" sequence numbers? This could hold the sequence numbers
    > of the last few packets transmitted, and account for that edge case as
    > well. I'm very uneasy with the IETF step C - sending more packets out
    > into the network sounds like a new type of amplification attack.

    I'm also somewhat skeptical. Considering the attack that this is
    supposed to mitigate, it would probably be a good idea to implement this
    as a compile-time option defaulting OFF at first. Those really worried
    about an attack (running BGP?) can utilize it, as well as those testing
    interoperability for a while.

    Cheers,

    -- 
    Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
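The interoperability case Don Lewis describes above, and the "resettable sequence numbers" list Mike Silbersack floats, are easy to reason about with a small model of the receive side. The following C is an added example written for this archive page; it is not FreeBSD's TCP stack and none of its names (`struct tcp_rx`, `rst_in_window`, `rst_strict`, `struct resettable`, `rst_strict_or_recent`) correspond to kernel code. It assumes no window scaling, so the advertised window fits in 16 bits, and it models only the decision of whether an incoming RST's sequence number is acceptable.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified receive-side state for one connection
   (a stand-in for the real tcpcb; names are this example's own). */
struct tcp_rx {
    uint32_t rcv_nxt;   /* next sequence number we expect from the peer */
    uint32_t rcv_wnd;   /* receive window we last advertised to the peer */
};

/* Wraparound-safe sequence-space comparisons. */
static int seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* Classic in-window test: accept if rcv_nxt <= seq < rcv_nxt + rcv_wnd.
   A zero window only accepts seq == rcv_nxt. */
int rst_in_window(const struct tcp_rx *rx, uint32_t seq)
{
    if (rx->rcv_wnd == 0)
        return seq == rx->rcv_nxt;
    return seq_leq(rx->rcv_nxt, seq) && seq_lt(seq, rx->rcv_nxt + rx->rcv_wnd);
}

/* Strict test: accept only an RST carrying exactly the next expected
   sequence number. This is what makes blind RST injection hard, and
   also what breaks the peer behaviour described in the thread. */
int rst_strict(const struct tcp_rx *rx, uint32_t seq)
{
    return seq == rx->rcv_nxt;
}

/* The sequence number the peer in Don Lewis's description puts on its
   RST: the ack number of our FIN plus the window advertised in that FIN. */
uint32_t peer_rst_seq_from_fin(uint32_t fin_ack, uint16_t fin_win)
{
    return fin_ack + fin_win;
}

/* Hypothetical ring of "resettable" sequence numbers, one reading of
   Mike Silbersack's proposal: remember ack + window from the last few
   segments we sent, so an RST aimed at the far edge of the window we
   ourselves advertised can still be recognised. Constructed for this
   example; size and policy are assumptions, not a FreeBSD design. */
#define RESETTABLE_SLOTS 4
struct resettable {
    uint32_t seq[RESETTABLE_SLOTS];
    unsigned n;      /* number of valid entries */
    unsigned next;   /* next slot to overwrite */
};

void resettable_record(struct resettable *r, uint32_t ack_sent, uint16_t win_sent)
{
    r->seq[r->next] = ack_sent + win_sent;
    r->next = (r->next + 1) % RESETTABLE_SLOTS;
    if (r->n < RESETTABLE_SLOTS)
        r->n++;
}

/* Strict match, or an exact match against one of the remembered
   resettable values. Still an exact-match test, so a blind attacker
   gains at most RESETTABLE_SLOTS extra guessable values, not a window. */
int rst_strict_or_recent(const struct tcp_rx *rx, const struct resettable *r, uint32_t seq)
{
    if (seq == rx->rcv_nxt)
        return 1;
    for (unsigned i = 0; i < r->n; i++)
        if (r->seq[i] == seq)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed scenario: our FIN acked 1000 and advertised 65535. */
    struct tcp_rx rx = { 1000u, 65535u };
    struct resettable r = { {0}, 0, 0 };
    uint32_t seq = peer_rst_seq_from_fin(1000u, 65535u);

    resettable_record(&r, 1000u, 65535u);
    printf("peer RST seq=%u strict=%d in_window=%d strict_or_recent=%d\n",
           seq, rst_strict(&rx, seq), rst_in_window(&rx, seq),
           rst_strict_or_recent(&rx, &r, seq));
    return 0;
}
```

Run with the constructed values, the peer's RST lands at rcv_nxt + rcv_wnd: the strict test rejects it, and so does the plain in-window test, because the sequence number sits one past the last in-window value. A mitigation that only reacts to in-window RSTs therefore never sees this segment, which is the compatibility gap Don Lewis is pointing at; the remembered ack + window value is what lets the exact-match variant accept it without widening the check to a whole window.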
    
