Re: tcp vulnerability? haven't seen anything on it here...

From: Sridhar Samudrala
Date: Thu Apr 22 2004 - 16:44:04 EST

On Wed, 21 Apr 2004, David S. Miller wrote:

> On Wed, 21 Apr 2004 19:03:40 +0200
> Jörn Engel <joern@xxxxxxxxxxxxxxxxxxxx> wrote:
> > made it appear, as if the only news was that with tcp
> > windows, the propability of guessing the right sequence number is not
> > 1:2^32 but something smaller. They said that 64k packets would be
> > enough, so guess what the window will be.
> Yes, that is their major discovery. You need to guess the ports
> and source/destination addresses as well, which is why I don't
> consider this such a serious issue personally.
> It is mitigated if timestamps are enabled, because that becomes
> another number you have to guess.

I am not sure if enabling timestamps will help.
>From RFC1323,
It is recommended that RST segments NOT carry timestamps, and that RST
segments be acceptable regardless of their timestamp. Old duplicate RST
segments should be exceedingly unlikely, and their cleanup function should
take precedence over timestamps.

It looks like linux follows this recommendataion.
tcp_input.c: tcp_rcv_established()
if (tcp_fast_parse_options(skb, th, tp) && tp->saw_tstamp &&
tcp_paws_discard(tp, skb)) {
if (!th->rst) {
tcp_send_dupack(sk, skb);
goto discard;
/* Reset is accepted even if it did not pass PAWS. */

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at