Proposed RST patch

From: Mike Silbersack (silby_at_silby.com)
Date: 04/24/04

  • Next message: Don Lewis: "Re: Proposed RST patch"
    Date: Fri, 23 Apr 2004 22:34:51 -0500 (CDT)
    To: freebsd-security@freebsd.org
    
    
    

    Here's my proposed patch to change RST handling so that ESTABLISHED
    connections are subject to strict RST checking, but connections in other
    states are only subject to the "within the window" check. Part 2 of the
    patch is simply a patch to netstat so that it displays the statistic.

    As expected, it's very straightforward, the only real question is what to
    call the statistic... "Ignored RSTs in the window" isn't the best
    description.

    FWIW, I've been testing with the exploit code
    (reset-tcp-rfc31337-compliant.c from osvdb-4030-exploit.zip), and this
    change does indeed defeat the attack. It took me a while to get the code
    working, they really munged up the libnet calls, but I guess that was the
    intent.

    Mike "Silby" Silbersack

    
    
    
    

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"




  • Next message: Don Lewis: "Re: Proposed RST patch"

    Relevant Pages

    • Re: Proposed RST patch
      ... > Here's my proposed patch to change RST handling so that ESTABLISHED ... > connections are subject to strict RST checking, ... > patch is simply a patch to netstat so that it displays the statistic. ... I'd reverse the operand order here to match the operand order of the ...
      (FreeBSD-Security)
    • RE: [fw-wiz] CIsco PIX vulnerable to TCP RST DOS attacks
      ... Cisco have advised me that PIX Images need to be upgraded to special release ... RST packets and discard out of state RST packets. ... It would be nice to have a detailed breakdown and analysis from Cisco ... It used to immediately tear down connections immediately upon receiving ...
      (Firewall-Wizards)
    • Re: IPFW and IPv6 TCP timeout problem
      ... TCP connections after a short timeout. ... Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw. ... The PR includes a patch, it just needs somebody to commit it. ...
      (freebsd-net)
    • Re: [Fwd: Re: 3 connections as one]
      ... Another option has been added to natd, a number wich can be set from 0 to ... 100 to determine the use of the second alias address. ... So when a connection has to be established for the first time, the patch use ... So natd is generating new connections in two diferent IPs (for two diferent ...
      (freebsd-hackers)
    • Re: T5xxx servers short "freeze" behaviour
      ...  machine is freezing for a couple of secconds and then continues ... That patch didn't fix my problem. ... is poking ping, http, https, drupal, etc, and I see alerts from Common ... Array Manager claiming to have lost iSCSI connections. ...
      (comp.unix.solaris)