Re: Proposed RST patch
From: Don Lewis (truckman_at_FreeBSD.org)
Date: 04/24/04
- Previous message: Mike Silbersack: "Proposed RST patch"
- In reply to: Mike Silbersack: "Proposed RST patch"
- Next in thread: Mike Silbersack: "Re: Proposed RST patch"
- Reply: Mike Silbersack: "Re: Proposed RST patch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 Apr 2004 22:00:05 -0700 (PDT) To: silby@silby.com
On 23 Apr, Mike Silbersack wrote:
>
> Here's my proposed patch to change RST handling so that ESTABLISHED
> connections are subject to strict RST checking, but connections in other
> states are only subject to the "within the window" check. Part 2 of the
> patch is simply a patch to netstat so that it displays the statistic.
>
> As expected, it's very straightforward, the only real question is what to
> call the statistic... "Ignored RSTs in the window" isn't the best
> description.
>
> FWIW, I've been testing with the exploit code
> (reset-tcp-rfc31337-compliant.c from osvdb-4030-exploit.zip), and this
> change does indeed defeat the attack. It took me a while to get the code
> working, they really munged up the libnet calls, but I guess that was the
> intent.
> + if (tp->last_ack_sent != th->th_seq) {
I'd reverse the operand order here to match the operand order of the
enclosing "if" block. Other than that tiny nit, this looks fine.
What is our status with regards to the spoofed SYN version of the
attack?
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Mike Silbersack: "Proposed RST patch"
- In reply to: Mike Silbersack: "Proposed RST patch"
- Next in thread: Mike Silbersack: "Re: Proposed RST patch"
- Reply: Mike Silbersack: "Re: Proposed RST patch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
