netdev
[Top] [All Lists]

Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect

To: Willy Tarreau <willy@xxxxxxxxx>
Subject: Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.)
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 12 Jun 2005 23:13:23 +1000
Cc: davem@xxxxxxxxxxxxx, xschmi00@xxxxxxxxxxxxxxxxxx, alastair@xxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050612123253.GK28759@xxxxxxxxxxxxxxxx>
References: <20050611074350.GD28759@xxxxxxxxxxxxxxxx> <E1DhBic-0005dp-00@xxxxxxxxxxxxxxxxxxxxxxxx> <20050611195144.GF28759@xxxxxxxxxxxxxxxx> <20050612081327.GA24384@xxxxxxxxxxxxxxxxxxx> <20050612083409.GA8220@xxxxxxxxxxxxxxxx> <20050612103020.GA25111@xxxxxxxxxxxxxxxxxxx> <20050612114039.GI28759@xxxxxxxxxxxxxxxx> <20050612120627.GA5858@xxxxxxxxxxxxxxxxxxx> <20050612123253.GK28759@xxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.9i
On Sun, Jun 12, 2005 at 02:32:53PM +0200, Willy Tarreau wrote:
>
> but it's not the case (although the naming is not clear). So if the remote
> end was the one which sent the SYN-ACK, it will clear its session. If it has
> been spoofed, it will ignore the RST because in turn, the SEQ will not be
> within its window.

This is what should happen:

1) client A sends SYN to server B.
2) attcker C sends spoofed SYN-ACK to client A purporting to be server B.
3) client A sends RST to server B.

The RST packet is sent by client A using its sequence numbers.  Therefore
it will pass the sequence number check on server B.

4) server B resets the connection.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>