Re: tcp vulnerability? haven't seen anything on it here...

From: Richard B. Johnson
Date: Thu Apr 22 2004 - 15:28:21 EST

On Thu, 22 Apr 2004, Willy Tarreau wrote:

> Richard,
> you are confusing several thinks, stateful vs stateless protocols. A ping
> doesn't need a session on the remote host to be interpreted. A TCP segment
> whose flags don't show a SYN need a session to be interpreted. Please note
> that I'm not arguing that you won't crash a linux box with an RST addressed
> to a broadcast address, I'm saying that there's absolutely no reason why
> this should reset all connections, as you proposed it. Someone would have
> had to code this explicitly, it cannot be a simple side effect.
> Imagine that each packet which enters the system is presented to a hash
> table containing the sessions, and that its session is looked for into
> this hash table. You agree that in such code, there's no reason to find
> anything that runs through all sessions and kill everyone, since this
> code has no use there, and has no reason to be implemented on purpose !
> Look at functions such as tcp_v4_lookup() in net/ipv4/tcp_ipv4.c for
> example. When it reaches tcp_v4_lookup_established(), you find this :
> for(sk = head->chain; sk; sk = sk->next) {
> if(TCP_IPV4_MATCH(sk, acookie, saddr, daddr, ports, dif))
> goto hit; /* You sunk my battleship! */
> }
> You cannot match more than once.


So you are sure an attacker will fire only one bullet?

Dick Johnson
Penguin : Linux version 2.4.26 on an i686 machine (5557.45 BogoMips).
Note 96.31% of all statistics are fiction.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at