netdev

Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect

To: Thomas Graf <tgraf@xxxxxxx>
Subject: Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.)
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 12 Jun 2005 23:16:24 +1000
Cc: Willy Tarreau <willy@xxxxxxxxx>, davem@xxxxxxxxxxxxx, xschmi00@xxxxxxxxxxxxxxxxxx, alastair@xxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050612122247.GB22463@postel.suug.ch>
References: <20050611074350.GD28759@alpha.home.local> <E1DhBic-0005dp-00@gondolin.me.apana.org.au> <20050611195144.GF28759@alpha.home.local> <20050612081327.GA24384@gondor.apana.org.au> <20050612083409.GA8220@alpha.home.local> <20050612103020.GA25111@gondor.apana.org.au> <20050612114039.GI28759@alpha.home.local> <20050612120627.GA5858@gondor.apana.org.au> <20050612122247.GB22463@postel.suug.ch>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.9i
On Sun, Jun 12, 2005 at 02:22:47PM +0200, Thomas Graf wrote:
>
> > Look at the first check inside th->ack in tcp_rcv_synsent_state_process.
> 
> Usually a continuous flow of ACK+RST is used to prevent a connection
> from being established, it's more reliable because even if you hit the
> ISS+rcv_next window the connection attempt will still be reset.

Sure.  My point is that there are a hundred and one ways to attack
a TCP connection in a manner similar to the original method that
started this thread.  So fixes like this are pretty pointless.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
