Re: TCP-RST Vulnerability - Doubt

From: Lincoln Dale
Date: Mon Jun 28 2004 - 21:36:30 EST

Next message: Daniel Roesen: "Re: TCP-RST Vulnerability - Doubt"
Previous message: David S. Miller: "Re: drivers/block/ub.c"
In reply to: Florian Weimer: "Re: TCP-RST Vulnerability - Doubt"
Next in thread: Florian Weimer: "Re: TCP-RST Vulnerability - Doubt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 01:05 AM 27/06/2004, David S. Miller wrote:

> Could you kindly share your views regarding what Linux has done to its stack
> to overcome this vulnerability as it will be of great help to my research.

We have done nothing, and there are no plans to implement any workaround
for this problem.

the vulnerabilities are real for any application/protocol which makes use of long-duration TCP sessions.

the most common place that people have found the vulnerability to be of use is in killing BGP sessions.
protocols which make use of long-held TCP sessions such as NFSv3, irc, nntp, telnet, ssh, X11 et al are just as vulnerable.

cheers,

lincoln.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Roesen: "Re: TCP-RST Vulnerability - Doubt"
Previous message: David S. Miller: "Re: drivers/block/ub.c"
In reply to: Florian Weimer: "Re: TCP-RST Vulnerability - Doubt"
Next in thread: Florian Weimer: "Re: TCP-RST Vulnerability - Doubt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]