From: Nebojsa Miljanovic <neb@alcatel-lucent.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: linux-kernel@vger.kernel.org, "Kittlitz,
Edward (Ned)" <nkittlitz@alcatel-lucent.com>,
asweeney@alcatel-lucent.com, "Polhemus,
William (Bart)" <bpolhemus@alcatel-lucent.com>
Subject: Re: SO_REUSEADDR not allowing server and client to use same port
Date: Mon, 17 Mar 2008 13:17:29 -0500 [thread overview]
Message-ID: <47DEB5B9.4030905@alcatel-lucent.com> (raw)
In-Reply-To: 20080317173021.28e6fd97@core
OK. I see. So, it would have to be some malicious application running together
with the server (i.e. on the same CPU). I do see now why you said it would be
very very hard to make this happen.
Still, it would be nice to introduce SO_REUSEPORT socket options so secure
servers (who happen to be clients as well) can re-use ports when necessary.
Another option would be to check if port re-use is happening inside same
application and allow it. That may make half of the folks happy, so I am not
sure if I like it as much as I like SO_REUSEPORT option.
Thanks,
Neb
On 3/17/2008 12:30 PM, Alan Cox wrote:
> On Mon, 17 Mar 2008 11:43:28 -0500
> Nebojsa Miljanovic <neb@alcatel-lucent.com> wrote:
>
>
>>Alan,
>>thanks. With that additional INFO, I was able to find detailed description of
>>this denial of service attack (attached below).
>>Just to clarify. Having this port re-use check prevents folks from launching
>>this attack as opposed to being victim of it?
>
>
> Different issue. I can hijack a connection.
>
> Imagine I have a server bound to *.5000, and someone is about to connect.
> If on the server box I am able to bind and issue a connect outwards
> matching the inbound connection I will get the connection not the server.
next prev parent reply other threads:[~2008-03-17 18:17 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-28 18:15 SO_REUSEADDR not allowing server and client to use same port Nebojsa Miljanovic
2008-02-28 18:30 ` Phil Oester
2008-02-28 20:19 ` Alan Cox
2008-02-28 20:41 ` Willy Tarreau
2008-03-13 19:18 ` Nebojsa Miljanovic
2008-03-15 13:34 ` Alan Cox
2008-03-17 16:43 ` Nebojsa Miljanovic
2008-03-17 17:30 ` Alan Cox
2008-03-17 18:17 ` Nebojsa Miljanovic [this message]
2008-03-18 5:48 ` Willy Tarreau
2008-02-28 20:36 ` Willy Tarreau
2008-02-28 20:44 ` Nebojsa Miljanovic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47DEB5B9.4030905@alcatel-lucent.com \
--to=neb@alcatel-lucent.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=asweeney@alcatel-lucent.com \
--cc=bpolhemus@alcatel-lucent.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nkittlitz@alcatel-lucent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox