From: Nebojsa Miljanovic <neb@alcatel-lucent.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: linux-kernel@vger.kernel.org, "Kittlitz,
Edward (Ned)" <nkittlitz@alcatel-lucent.com>,
asweeney@alcatel-lucent.com, "Polhemus,
William (Bart)" <bpolhemus@alcatel-lucent.com>
Subject: Re: SO_REUSEADDR not allowing server and client to use same port
Date: Mon, 17 Mar 2008 13:17:29 -0500 [thread overview]
Message-ID: <47DEB5B9.4030905@alcatel-lucent.com> (raw)
In-Reply-To: 20080317173021.28e6fd97@core
OK. I see. So, it would have to be some malicious application running together
with the server (i.e. on the same CPU). I do see now why you said it would be
very very hard to make this happen.
Still, it would be nice to introduce SO_REUSEPORT socket options so secure
servers (who happen to be clients as well) can re-use ports when necessary.
Another option would be to check if port re-use is happening inside same
application and allow it. That may make half of the folks happy, so I am not
sure if I like it as much as I like SO_REUSEPORT option.
Thanks,
Neb
On 3/17/2008 12:30 PM, Alan Cox wrote:
> On Mon, 17 Mar 2008 11:43:28 -0500
> Nebojsa Miljanovic <neb@alcatel-lucent.com> wrote:
>
>
>>Alan,
>>thanks. With that additional INFO, I was able to find detailed description of
>>this denial of service attack (attached below).
>>Just to clarify. Having this port re-use check prevents folks from launching
>>this attack as opposed to being victim of it?
>
>
> Different issue. I can hijack a connection.
>
> Imagine I have a server bound to *.5000, and someone is about to connect.
> If on the server box I am able to bind and issue a connect outwards
> matching the inbound connection I will get the connection not the server.
next prev parent reply other threads:[~2008-03-17 18:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-28 18:15 SO_REUSEADDR not allowing server and client to use same port Nebojsa Miljanovic
2008-02-28 18:30 ` Phil Oester
2008-02-28 20:19 ` Alan Cox
2008-02-28 20:41 ` Willy Tarreau
2008-03-13 19:18 ` Nebojsa Miljanovic
2008-03-15 13:34 ` Alan Cox
2008-03-17 16:43 ` Nebojsa Miljanovic
2008-03-17 17:30 ` Alan Cox
2008-03-17 18:17 ` Nebojsa Miljanovic [this message]
2008-03-18 5:48 ` Willy Tarreau
2008-02-28 20:36 ` Willy Tarreau
2008-02-28 20:44 ` Nebojsa Miljanovic
-- strict thread matches above, loose matches on Subject: below --
2008-02-28 19:00 Nebojsa Miljanovic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47DEB5B9.4030905@alcatel-lucent.com \
--to=neb@alcatel-lucent.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=asweeney@alcatel-lucent.com \
--cc=bpolhemus@alcatel-lucent.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nkittlitz@alcatel-lucent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.