Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
From: jayanth (jayanth_at_yahoo-inc.com)
Date: 04/22/04
- Previous message: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- In reply to: Don Lewis: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- Next in thread: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- Reply: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Apr 2004 07:58:57 -0700 To: Don Lewis <truckman@FreeBSD.org>
Don Lewis (truckman@FreeBSD.org) wrote:
> On 21 Apr, Mike Silbersack wrote:
> >
> > On Wed, 21 Apr 2004, Don Lewis wrote:
> >
> >> > 1. Accept all RSTs meeting the criteria you just listed above.
> >>
> >> At this step, it would be better if we used the window size that was
> >> advertised it the last packet sent, since that is what the sequence
> >> number of the RST packet will be calculated from, while the window size
> >> could have increased if data was consumed from the receive queue between
> >> the time we sent the last packet and when we received the RST.
> >>
> >> It doesn't look like we keep the necessary data for this. Probably the
> >> easiest thing to do would be to calculate the expected sequence number
> >> in tcp_output() and stash it in the pcb.
> >
> > Do you have access to a system that exhibits the "RST at end of window"
> > syndrome so that you could code up and test out this part of the patch?
>
> Nope. The only report of this that I saw was from jayanth. Judging by
> the tcpdump timestamps, it looks like whatever this wierd piece of
> hardware was, it was nearby.
>
if i remember right this was done to handle the Alteons which
generate a RST segment that would fall within the window size but not the
next expected sequence no.
So they would do something crazy like rcv_nxt + rcv_win as the sequence no,
for the RST segment rather than rcv_nxt + 1.
This was part of the RFC though.
If it is a problem we can always revert it back.
jayanth
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- In reply to: Don Lewis: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- Next in thread: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- Reply: Mike Silbersack: "Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
