Re: TCP-RST Vulnerability - Doubt

From: Florian Weimer
Date: Tue Jun 29 2004 - 16:29:42 EST


* Lincoln Dale:

> the vulnerabilities are real for any application/protocol which makes
> use of long-duration TCP sessions.

... *and* which hasn't got fast recovery from connection loss.

For example, NNTP uses long-lived TCP connections, but it is NOT
vulnerable because restart is very cheap.

Given the other benefits of fast recovery, it's better to concentrate
on that than to tack something on the TCP stack which only solves a
tiny subset of the problems (which isn't even relevant in practice).