[Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)

Jacques A. Vidrine nectar at FreeBSD.org
Wed Apr 21 04:51:56 PDT 2004


On Wed, Apr 21, 2004 at 01:50:28AM -0500, Mike Silbersack wrote:
> 
> On Tue, 20 Apr 2004, Don Lewis wrote:
> 
> > I am concerned that step C will not solve the compatibility problem. The
> > FreeBSD host is sending a FIN to close an established connection, and
> > the peer host is adding the window size advertised in the FIN packet to the
> > sequence number acknowledged in the FIN packet, and using the sum as the
> > sequence number for the RST packet, which puts the sequence number at
> > the end of the receive window.
> 
> Would it be feasible for us to create a four to five element array to
> track "resettable" sequence numbers?  This could hold the sequence numbers
> of the last few packets transmitted, and account for that edge case as
> well.  I'm very uneasy with the IETF step C - sending more packets out
> into the network sounds like a new type of amplification attack.

I'm also somewhat skeptical.  Considering the attack that this is
supposed to mitigate, it would probably be a good idea to implement this
as a compile time option defaulting OFF at first.  Those really worried
about an attack (running BGP?) can utilize it, as well as those testing
interoperability for a while.

Cheers,
-- 
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
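The RST handling the thread argues over, as an added example written for this page; it is not code from the FreeBSD tree, from the IETF draft, or from any of the posters. It models three policies for a RST whose sequence number is SEG.SEQ: the pre-draft rule (any in-window RST is honoured), the draft's rule as assumed here (only an exact match on RCV.NXT resets, an in-window miss gets a "challenge" ACK, which is the extra traffic Mike Silbersack calls step C), and one reading of the "resettable sequence numbers" array, which remembers ack + advertised window for each segment we send so that the FIN edge case Don Lewis describes is accepted. The struct and function names are hypothetical, the sequence numbers and window sizes are constructed, and sequence comparison uses the modular 32-bit macros TCP stacks use:

```c
#include <stdint.h>

/* Added example, not FreeBSD's or the IETF draft's code: a toy model of the
 * RST sequence-number checks discussed in this thread. */

/* Modular 32-bit sequence comparisons, in the style of <netinet/tcp_seq.h>. */
#define SEQ_LT(a, b)   ((int32_t)((a) - (b)) < 0)
#define SEQ_GEQ(a, b)  ((int32_t)((a) - (b)) >= 0)

enum rst_verdict {
    RST_DROP = 0,          /* ignore the segment */
    RST_CHALLENGE_ACK = 1, /* assumed "step C": answer with an ACK, keep the connection */
    RST_ACCEPT = 2         /* tear the connection down */
};

#define NRESETTABLE 5   /* the "four to five element array" from the thread */

/* Hypothetical stand-in for the parts of a tcpcb the checks need. */
struct tcpcb_lite {
    uint32_t rcv_nxt;                 /* next sequence number expected from the peer */
    uint32_t rcv_wnd;                 /* receive window we currently advertise */
    uint32_t resettable[NRESETTABLE]; /* ring of extra sequence numbers a RST is honoured at */
    unsigned nresettable;             /* entries filled so far (<= NRESETTABLE) */
    unsigned next_slot;               /* next ring slot to overwrite */
};

/* Window is [rcv_nxt, rcv_nxt + rcv_wnd): the right edge itself is outside it. */
static int in_window(const struct tcpcb_lite *tp, uint32_t seq)
{
    return SEQ_GEQ(seq, tp->rcv_nxt) && SEQ_LT(seq, tp->rcv_nxt + tp->rcv_wnd);
}

/* Pre-draft behaviour: any in-window RST is honoured, which is what makes a
 * blind reset practical against a long-lived session with a large window. */
enum rst_verdict classify_rst_legacy(const struct tcpcb_lite *tp, uint32_t seq)
{
    return in_window(tp, seq) ? RST_ACCEPT : RST_DROP;
}

/* Draft behaviour as assumed here: exact match on rcv_nxt resets, any other
 * in-window sequence number draws a challenge ACK, everything else is dropped. */
enum rst_verdict classify_rst_draft(const struct tcpcb_lite *tp, uint32_t seq)
{
    if (seq == tp->rcv_nxt)
        return RST_ACCEPT;
    if (in_window(tp, seq))
        return RST_CHALLENGE_ACK;
    return RST_DROP;
}

/* Call when we transmit a segment.  A peer that builds its RST the way Don
 * Lewis describes (ack + advertised window) will use exactly this value, so
 * remember it as a sequence number we will honour a RST at. */
void note_sent_segment(struct tcpcb_lite *tp, uint32_t ack, uint32_t win)
{
    tp->resettable[tp->next_slot] = ack + win;
    tp->next_slot = (tp->next_slot + 1) % NRESETTABLE;
    if (tp->nresettable < NRESETTABLE)
        tp->nresettable++;
}

/* Draft rules plus the "resettable" array (one reading of the proposal). */
enum rst_verdict classify_rst_with_array(const struct tcpcb_lite *tp, uint32_t seq)
{
    for (unsigned i = 0; i < tp->nresettable; i++)
        if (tp->resettable[i] == seq)
            return RST_ACCEPT;
    return classify_rst_draft(tp, seq);
}

/* Convenience wrappers over a freshly constructed control block. */
enum rst_verdict legacy_verdict(uint32_t nxt, uint32_t wnd, uint32_t seq)
{
    struct tcpcb_lite tp = { .rcv_nxt = nxt, .rcv_wnd = wnd };
    return classify_rst_legacy(&tp, seq);
}

enum rst_verdict draft_verdict(uint32_t nxt, uint32_t wnd, uint32_t seq)
{
    struct tcpcb_lite tp = { .rcv_nxt = nxt, .rcv_wnd = wnd };
    return classify_rst_draft(&tp, seq);
}

/* Replays the FIN edge case with constructed numbers.  Returns 1 if the draft
 * rules alone drop the peer's RST while the array variant accepts it, i.e. the
 * compatibility problem Don Lewis raises is real in this model. */
int fin_edge_case_demo(void)
{
    struct tcpcb_lite tp = { .rcv_nxt = 1000, .rcv_wnd = 65535 };
    note_sent_segment(&tp, 1000, 65535);     /* our FIN: ack 1000, win 65535 */
    uint32_t rst_seq = 1000 + 65535;         /* peer's RST: ack + window      */
    return classify_rst_draft(&tp, rst_seq) == RST_DROP &&
           classify_rst_with_array(&tp, rst_seq) == RST_ACCEPT;
}
```

The interesting value is rst_seq: it equals rcv_nxt + rcv_wnd, which sits one past the right edge of the window, so neither the old rule nor the draft's rule even gets as far as a challenge ACK; only something that remembers what we advertised recognises it. The same model shows why the draft costs extra packets: an attacker's guessed in-window sequence number that the old rule would have accepted now produces an ACK on the wire instead.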