Re: Proposed RST patch
On 23 Apr, Mike Silbersack wrote:
>
> Here's my proposed patch to change RST handling so that ESTABLISHED
> connections are subject to strict RST checking, but connections in other
> states are only subject to the "within the window" check. Part 2 of the
> patch is simply a patch to netstat so that it displays the statistic.
>
> As expected, it's very straightforward, the only real question is what to
> call the statistic... "Ignored RSTs in the window" isn't the best
> description.
>
> FWIW, I've been testing with the exploit code
> (reset-tcp-rfc31337-compliant.c from osvdb-4030-exploit.zip), and this
> change does indeed defeat the attack. It took me a while to get the code
> working, they really munged up the libnet calls, but I guess that was the
> intent.
> + if (tp->last_ack_sent != th->th_seq) {
I'd reverse the operand order here to match the operand order of the
enclosing "if" block. Other than that tiny nit, this looks fine.
What is our status with regards to the spoofed SYN version of the
attack?
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)