netdev
[Top] [All Lists]

Re: tcp vulnerability? haven't seen anything on it here...

To: Willy Tarreau <w@xxxxxxxxx>
Subject: Re: tcp vulnerability? haven't seen anything on it here...
From: "Richard B. Johnson" <root@xxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Apr 2004 16:25:19 -0400 (EDT)
Cc: linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20040422141848.GA6986@xxxxxxxxxxxxxxxx>
References: <XFMail.20040422102359.pochini@xxxxxxxx> <Pine.LNX.4.53.0404220734330.8039@chaos> <20040422131704.GA6839@xxxxxxxxxxxxxxxx> <Pine.LNX.4.53.0404220929500.8745@chaos> <20040422141848.GA6986@xxxxxxxxxxxxxxxx>
Reply-to: root@xxxxxxxxxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
On Thu, 22 Apr 2004, Willy Tarreau wrote:

> Richard,
>
> you are confusing several thinks, stateful vs stateless protocols. A ping
> doesn't need a session on the remote host to be interpreted. A TCP segment
> whose flags don't show a SYN need a session to be interpreted. Please note
> that I'm not arguing that you won't crash a linux box with an RST addressed
> to a broadcast address, I'm saying that there's absolutely no reason why
> this should reset all connections, as you proposed it. Someone would have
> had to code this explicitly, it cannot be a simple side effect.
>
> Imagine that each packet which enters the system is presented to a hash
> table containing the sessions, and that its session is looked for into
> this hash table. You agree that in such code, there's no reason to find
> anything that runs through all sessions and kill everyone, since this
> code has no use there, and has no reason to be implemented on purpose !
>
> Look at functions such as tcp_v4_lookup() in net/ipv4/tcp_ipv4.c for
> example. When it reaches tcp_v4_lookup_established(), you find this :
>
>         for(sk = head->chain; sk; sk = sk->next) {
>                 if(TCP_IPV4_MATCH(sk, acookie, saddr, daddr, ports, dif))
>                         goto hit; /* You sunk my battleship! */
>         }
>
> You cannot match more than once.

[SNIPPED...]

So you are sure an attacker will fire only one bullet?

Cheers,
Dick Johnson
Penguin : Linux version 2.4.26 on an i686 machine (5557.45 BogoMips).
            Note 96.31% of all statistics are fiction.



<Prev in Thread] Current Thread [Next in Thread>