fixing opt-ack DoS against TCP stack

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Gavin McCullagh <gavin.mccullagh@nuim.ie>
To: netdev@vger.kernel.org
Cc: Douglas Leith <doug.leith@nuim.ie>, David Malone <David.Malone@nuim.ie>
Subject: fixing opt-ack DoS against TCP stack
Date: Tue, 09 Jan 2007 14:24:38 +0000	[thread overview]
Message-ID: <20070109142437.GF31536@nuim.ie> (raw)

Hi,

recently, a few of us came up with a novel (or so we thought) DoS attack
against TCP.  We spent some time implementing and testing it and found it
to work worryingly well.

It turns out that we are not the first to come across this attack.  Rob
Sherwood and colleagues in Maryland were a year or two ahead of us.  They
have published a paper entitled "Misbehaving TCP Receivers Can Cause
Internet-Wide Congestion Collapse".

	http://www.cs.umd.edu/~capveg/optack/optack-ccs05.pdf
	http://www.cs.umd.edu/~capveg/
	http://www.kb.cert.org/vuls/id/102014

Linux appears not to have implemented any fix for this vulnerability,
although Rob Sherwood wrote a patch against 2.4.24.

	http://www.cs.umd.edu/~capveg/optack/optack.patch

There seems to be a brief mention of it on the fedora-security list but I
can't find much discussion of it in linux circles otherwise.

	http://www.spinics.net/linux/fedora/fedora-security/msg00426.html
	http://www.securityfocus.com/bid/15468/

Is there some reason that this fix was not accepted or has this just
slipped under people's radars?  Should some fix not be implemented?  The
issue seems even more severe with the larger buffer sizes now in use.

Gavin

next             reply	other threads:[~2007-01-09 20:05 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-01-09 14:24 Gavin McCullagh [this message]
     [not found] <20070109103718.GE31536@nuim.ie>
     [not found] ` <20070109112656.1d6ee9ba@freekitty>
2007-01-11 13:19   ` fixing opt-ack DoS against TCP stack Gavin McCullagh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070109142437.GF31536@nuim.ie \
    --to=gavin.mccullagh@nuim.ie \
    --cc=David.Malone@nuim.ie \
    --cc=doug.leith@nuim.ie \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).