From: Willy Tarreau <willy@w.ods.org>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Paul Jakma <paul@clubi.ie>, Ville Hallivuori <vph@iki.fi>,
Toon van der Pas <toon@hout.vanvergehaald.nl>,
Wolfpaw - Dale Corse <admin@wolfpaw.net>,
kaukasoi@elektroni.ee.tut.fi,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denial of Service Attack
Date: Tue, 14 Sep 2004 21:41:41 +0200 [thread overview]
Message-ID: <20040914194141.GF2780@alpha.home.local> (raw)
In-Reply-To: <1095174633.16990.19.camel@localhost.localdomain>
Hi Alan,
On Tue, Sep 14, 2004 at 04:10:36PM +0100, Alan Cox wrote:
> On Maw, 2004-09-14 at 15:55, Paul Jakma wrote:
> > Hmm, yes, I hadnt thought of the attack-mitigating aspects of
> > graceful restart. Though, without other measures, the session is
> > still is open to abuse (send RST every second).
>
> Of course its much easier to just send "must fragment, size 68" icmp
> replies and guess them that way. This is spectacularly more effective
> and various vendors highly invalid rst acking crap won't save you.
Just wondering, I have not checked. Isn't the "must fragment" message
supposed to embed part of the packet it couldn't send in return ? If
this is the case (and if the victim processes it correctly), it would
need to guess a recent valid content. If it's not the case, I suspect
it would simply update the path mtu in the route cache, thus giving
spectacular effects :-)
Cheers,
Willy
next prev parent reply other threads:[~2004-09-14 19:45 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <02a401c498e9$9167aff0$0300a8c0@s>
2004-09-12 17:29 ` Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denial of Service Attack Wolfpaw - Dale Corse
2004-09-12 17:04 ` Alan Cox
2004-09-12 19:23 ` Toon van der Pas
2004-09-13 3:18 ` Paul Jakma
2004-09-13 3:30 ` Paul Jakma
2004-09-13 4:18 ` Willy Tarreau
2004-09-13 4:25 ` Paul Jakma
2004-09-13 19:07 ` Tonnerre
2004-09-13 19:18 ` Willy Tarreau
2004-09-13 19:25 ` Paul Jakma
2004-09-13 20:11 ` Ville Hallivuori
2004-09-14 14:55 ` Paul Jakma
2004-09-14 15:10 ` Alan Cox
2004-09-14 16:26 ` Paul Jakma
2004-09-14 16:09 ` Alan Cox
2004-09-14 17:17 ` Paul Jakma
2004-09-20 22:02 ` Florian Weimer
2004-09-21 2:14 ` Herbert Xu
2004-09-21 18:32 ` Florian Weimer
2004-09-21 19:56 ` David S. Miller
2004-09-21 20:04 ` Florian Weimer
2004-09-21 20:25 ` David S. Miller
2004-09-21 20:51 ` Florian Weimer
2004-09-14 19:41 ` Willy Tarreau [this message]
2004-09-14 18:56 ` Alan Cox
2004-09-20 22:03 ` Florian Weimer
2004-09-20 23:12 ` Alan Cox
[not found] <02bf01c498ff$b6512470$0300a8c0@s>
2004-09-12 19:42 ` Wolfpaw - Dale Corse
2004-09-12 19:53 ` Willy Tarreau
[not found] <02b001c498f6$7942bc50$0300a8c0@s>
2004-09-12 18:52 ` Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified)Denial " Wolfpaw - Dale Corse
2004-09-12 18:06 ` Alan Cox
[not found] <02b201c498f6$8bb92540$0300a8c0@s>
2004-09-12 18:40 ` Wolfpaw - Dale Corse
2004-09-12 18:01 ` Alan Cox
2004-09-12 19:48 ` Willy Tarreau
2004-09-13 6:59 ` Jurjen Oskam
[not found] <029201c498d8$dff156f0$0300a8c0@s>
2004-09-12 15:45 ` Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denial " Wolfpaw - Dale Corse
2004-09-12 16:47 ` Petri Kaukasoina
2004-09-12 17:59 ` Willy Tarreau
2004-09-12 17:17 ` Alan Cox
2004-09-12 18:18 ` Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040914194141.GF2780@alpha.home.local \
--to=willy@w.ods.org \
--cc=admin@wolfpaw.net \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=kaukasoi@elektroni.ee.tut.fi \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@clubi.ie \
--cc=toon@hout.vanvergehaald.nl \
--cc=vph@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.