netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect

from [Thomas Graf] [Permanent Link][Original]
To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.)
From: Thomas Graf <tgraf@xxxxxxx>
Date: Sun, 12 Jun 2005 14:22:47 +0200
Cc: Willy Tarreau <willy@xxxxxxxxx>, davem@xxxxxxxxxxxxx, xschmi00@xxxxxxxxxxxxxxxxxx, alastair@xxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050612120627.GA5858@gondor.apana.org.au>
References: <20050611074350.GD28759@alpha.home.local> <E1DhBic-0005dp-00@gondolin.me.apana.org.au> <20050611195144.GF28759@alpha.home.local> <20050612081327.GA24384@gondor.apana.org.au> <20050612083409.GA8220@alpha.home.local> <20050612103020.GA25111@gondor.apana.org.au> <20050612114039.GI28759@alpha.home.local> <20050612120627.GA5858@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx 
* Herbert Xu <20050612120627.GA5858@xxxxxxxxxxxxxxxxxxx> 2005-06-12 22:06
> On Sun, Jun 12, 2005 at 01:40:39PM +0200, Willy Tarreau wrote:
> >
> > Sorry Herbert, but both RFC793 page 32 figure 9 and my Linux box disagree
> > with this statement. Look: at line 5, A rejects the SYN-ACK because the
> > ACK is wrong during the session setup.
> 
> Look at the first check inside th->ack in tcp_rcv_synsent_state_process.

Usually a continious flow of ACK+RST is used to prevent a connection
from being established, it's more reliable because even if you hit the
ISS+rcv_next window the connection attempt will still be reset.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu
Next by Date:  Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau
Previous by Thread:  Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu
Next by Thread:  Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu
Indexes:  [Date] [Thread] [Top] [All Lists]