Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)

From: Mike Silbersack (silby_at_silby.com)
Date: 04/22/04

Next message: Darren Reed: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"

Previous message: Mike Tancsa: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
In reply to: Don Lewis: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
Next in thread: Darren Reed: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
Reply: Darren Reed: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 22 Apr 2004 01:28:20 -0500 (CDT)
To: Don Lewis <truckman@FreeBSD.org>

On Wed, 21 Apr 2004, Don Lewis wrote:

> On 21 Apr, Mike Silbersack wrote:
> > Do you have access to a system that exhibits the "RST at end of window"
> > syndrome so that you could code up and test out this part of the patch?
>
> Nope. The only report of this that I saw was from jayanth. Judging by
> the tcpdump timestamps, it looks like whatever this wierd piece of
> hardware was, it was nearby.

Something just occured to me... we can just lump the "RST at end of
window" case into the whole "RST somewhere in the window case". In that
way, we only need two cases:

1. RSTs exactly at last_ack_sent (always accepted)

2. Everything else in the window (only accepted if "not under attack".)

I could code up and test this over the weekend, if it sounds like a
solution we're willing to go with.

Mike "Silby" Silbersack
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Darren Reed: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"

Previous message: Mike Tancsa: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
In reply to: Don Lewis: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
Next in thread: Darren Reed: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
Reply: Darren Reed: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: PATCH [0/3]: Simplify the kernel build by removing perl.
... merge window is closing soon I could resubmit the other two with Sam's ... - add the updated timeconst patch to kbuild-next ... I just rewrote the perl script and changed the call. ...
(Linux-Kernel)
Re: IE and Outlook Express flashing file dialog box
... issues with that patch than just this OE flashing behavior. ... OE window and that didn't work for me, ... Sir Timbit ... "Cumulative Security Update for Internet Explorer for Windows XP" ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: [PATCH] x86_64: sync_tsc fix the race (so we can boot)
... I have some problem with this patch. ... >> which is a broadcast ipi. ... >> during that window will triple fault the cpu and do other nasty things. ... >> it fixes it for the right reasons. ...
(Linux-Kernel)
[PATCH] s3c-fb: added s5pv210 support and some features.
... default window features and also ... patch contents are as following. ... resizing feature. ... fixed distortedness situation on pixel format more then 24bpp. ...
(Linux-Kernel)
Re: ALPS input driver problem with DualPoint on Dell E6400/E6500 [patch]
... the patch seems to work except for losing "grip" when using e.g. ... Let's assume I click a window decoration drawn by compiz ... Playing around and trying to get some usable output from xev I could ... I nevertheless also experimented with metacity. ...
(Linux-Kernel)