[Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
Jacques A. Vidrine
nectar at FreeBSD.org
Wed Apr 21 04:51:56 PDT 2004
On Wed, Apr 21, 2004 at 01:50:28AM -0500, Mike Silbersack wrote:
>
> On Tue, 20 Apr 2004, Don Lewis wrote:
>
> > I am concerned that step C will not solve the compatibility problem. The
> > FreeBSD host is sending a FIN to close an established connection, and
> > the peer host adding the window size advertised in the FIN packet to the
> > sequence number acknowledged in the FIN packet, and using the sum as the
> > sequence number for the RST packet, which puts the sequence number at
> > the end of the receive window.
>
> Would it be feasible for us to create a four to five element array to
> track "resettable" sequence numbers? This could hold the sequence numbers
> of the last few packets transmitted, and account for that edge case as
> well. I'm very uneasy with the IETF step C - sending more packets out
> into the network sounds like a new type of amplification attack.
I'm also somewhat skeptical. Considering the attack that this is
supposed to mitigate, it would probably be a good idea to implement this
as a compile time option defaulting OFF at first. Those really worried
about an attack (running BGP?) can utilize it, as well as those testing
interoperability for a while.
Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
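The RST-acceptance rules the thread is arguing about, as an added example that is not code from the thread or from FreeBSD: an incoming RST whose sequence number exactly equals RCV.NXT resets the connection, one that merely falls inside the receive window elicits a challenge ACK (the draft's step C), and anything else is dropped. The second function models Don Lewis's edge case (peer derives its RST sequence number as the ack plus the window advertised in our FIN, which lands just past the end of the window and is therefore dropped rather than challenged), and the small `RstValidator` ring is one reading of Mike Silbersack's "resettable sequence numbers" idea; what gets recorded in the ring (ack plus window of each transmitted segment) is an assumption, not something the posts specify. All sequence arithmetic is modulo 2^32.

```python
# Added example, not from the original thread: models draft-style RST
# validation and the FIN edge case discussed above. Sequence comparisons
# are done in 32-bit modular space so the checks survive wraparound.
from collections import deque

SEQ_MOD = 1 << 32


def seq_lt(a, b):
    """True if a precedes b in 32-bit sequence space (signed difference < 0)."""
    return (a - b) % SEQ_MOD >= (SEQ_MOD >> 1)


def seq_leq(a, b):
    return a == b or seq_lt(a, b)


def in_window(rcv_nxt, rcv_wnd, seg_seq):
    """RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, modulo 2^32."""
    return seq_leq(rcv_nxt, seg_seq) and seq_lt(seg_seq, (rcv_nxt + rcv_wnd) % SEQ_MOD)


def classify_rst(rcv_nxt, rcv_wnd, seg_seq):
    """Verdict for an incoming RST under the tightened rules:
    exact match resets, in-window gets a challenge ACK, otherwise drop."""
    if seg_seq == rcv_nxt:
        return "reset"
    if in_window(rcv_nxt, rcv_wnd, seg_seq):
        return "challenge-ack"
    return "drop"


class RstValidator:
    """Validator that additionally accepts a RST whose sequence number is in a
    short ring of recently advertised values (assumption: ack + window of each
    segment we sent, which is what the peer in the edge case echoes back)."""

    def __init__(self, rcv_nxt, rcv_wnd, slots=5):
        self.rcv_nxt = rcv_nxt
        self.rcv_wnd = rcv_wnd
        self.resettable = deque(maxlen=slots)

    def note_transmitted(self, ack, wnd):
        # Record the value a peer could derive from this segment as a RST seq.
        self.resettable.append((ack + wnd) % SEQ_MOD)

    def classify(self, seg_seq):
        verdict = classify_rst(self.rcv_nxt, self.rcv_wnd, seg_seq)
        if verdict == "drop" and seg_seq in self.resettable:
            return "reset"
        return verdict


def fin_edge_case(ack, wnd):
    """Our FIN advertised (ack, wnd); the peer answers with a RST whose
    sequence number is ack + wnd. Returns (draft verdict, ring verdict)."""
    rst_seq = (ack + wnd) % SEQ_MOD
    validator = RstValidator(rcv_nxt=ack, rcv_wnd=wnd)
    validator.note_transmitted(ack, wnd)
    return classify_rst(ack, wnd, rst_seq), validator.classify(rst_seq)


if __name__ == "__main__":
    # Constructed values: our receive side expects 5000 next, window 32768.
    print(classify_rst(5000, 32768, 5000))        # reset
    print(classify_rst(5000, 32768, 6000))        # challenge-ack
    print(classify_rst(5000, 32768, 5000 + 32768))  # drop
    print(fin_edge_case(5000, 32768))             # ('drop', 'reset')
```

The trade-off the thread is weighing shows up directly in `RstValidator`: every extra value kept in the ring is one more sequence number a blind attacker could hit, so the ring should stay short, while the challenge ACK path is what costs an outgoing packet per in-window RST.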