Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denialof Service Attack

From: Paul Jakma
Date: Tue Sep 14 2004 - 10:09:35 EST

Next message: Jeff Garzik: "Re: Add skeleton "generic IO mapping" infrastructure."
Previous message: Sasha Khapyorsky: "Re: GPL source code for Smart USB 56 modem (includes ALSA AC97 patch)"
In reply to: Ville Hallivuori: "Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denial of Service Attack"
Next in thread: Alan Cox: "Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified)Denial of Service Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 13 Sep 2004, Ville Hallivuori wrote:

Actually you can treat TCP session failure as transient error. Just use BGP graceful restart (witch basically allows re-opening TCP connection without losing routing tables).

http://www.ietf.org/internet-drafts/draft-ietf-idr-restart-10.txt

Hmm, yes, I hadnt thought of the attack-mitigating aspects of graceful restart. Though, without other measures, the session is still is open to abuse (send RST every second).

regards,
--
Paul Jakma paul@xxxxxxxx paul@xxxxxxxxx Key ID: 64A2FF6A
Fortune:
Wit, n.:
The salt with which the American Humorist spoils his cookery
... by leaving it out.
-- Ambrose Bierce, "The Devil's Dictionary"
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Garzik: "Re: Add skeleton "generic IO mapping" infrastructure."
Previous message: Sasha Khapyorsky: "Re: GPL source code for Smart USB 56 modem (includes ALSA AC97 patch)"
In reply to: Ville Hallivuori: "Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denial of Service Attack"
Next in thread: Alan Cox: "Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified)Denial of Service Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]