Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.)

[Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>]

On Sun, Jun 12, 2005 at 03:47:25PM +0200, Willy Tarreau wrote:
> 
> Yes, but only if there's an ACK and the ACK is exactly equal to snd_next,
> so the connection will survive.

Sorry I wasn't thinking straight.

> 
> > My point is that there are many ways to kill TCP connections in ways
> > similar to what you proposed initially so it isn't that special.
> 
> No, there are plenty of ways to kill TCP connections when you can guess
> the window (which is more and more easy thanks to window scaling). But
> I have yet found no way to kill a TCP session without this info, except
> by exploiting the simultaneous connect feature.

I still stand by this point though.  The most obvious thing I can think
of right now is to change your attack to simply connect to kernel.org's
webserver first from source port 10000.  That will cause the real SYN
packet to fail the sequence number check.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt