Re: tcp vulnerability? haven't seen anything on it here...

From: Richard B. Johnson (root_at_chaos.analogic.com)
Date: 04/22/04

  • Next message: Alexandre Oliva: "Re: Fix UDF-FS potentially dereferencing null" 
    Date:	Thu, 22 Apr 2004 16:25:19 -0400 (EDT)
To: Willy Tarreau <w@w.ods.org>

    On Thu, 22 Apr 2004, Willy Tarreau wrote:

    > Richard,
    >
    > you are confusing several thinks, stateful vs stateless protocols. A ping
    > doesn't need a session on the remote host to be interpreted. A TCP segment
    > whose flags don't show a SYN need a session to be interpreted. Please note
    > that I'm not arguing that you won't crash a linux box with an RST addressed
    > to a broadcast address, I'm saying that there's absolutely no reason why
    > this should reset all connections, as you proposed it. Someone would have
    > had to code this explicitly, it cannot be a simple side effect.
    >
    > Imagine that each packet which enters the system is presented to a hash
    > table containing the sessions, and that its session is looked for into
    > this hash table. You agree that in such code, there's no reason to find
    > anything that runs through all sessions and kill everyone, since this
    > code has no use there, and has no reason to be implemented on purpose !
    >
    > Look at functions such as tcp_v4_lookup() in net/ipv4/tcp_ipv4.c for
    > example. When it reaches tcp_v4_lookup_established(), you find this :
    >
    > for(sk = head->chain; sk; sk = sk->next) {
    > if(TCP_IPV4_MATCH(sk, acookie, saddr, daddr, ports, dif))
    > goto hit; /* You sunk my battleship! */
    > }
    >
    > You cannot match more than once.

    [SNIPPED...]

    So you are sure an attacker will fire only one bullet?

    Cheers,
    *** Johnson
    Penguin : Linux version 2.4.26 on an i686 machine (5557.45 BogoMips).
                Note 96.31% of all statistics are fiction.

    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  • Next message: Alexandre Oliva: "Re: Fix UDF-FS potentially dereferencing null"