Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denial of Service Attack
From: Paul Jakma
Date: Tue Sep 14 2004 - 11:48:48 EST
On Tue, 14 Sep 2004, Alan Cox wrote:
> guess them that way. This is spectacularly more effective and
> various vendors highly invalid rst acking crap won't save you.
Ah, well, I don't care about various vendors. I only care about Linux,
BSD and SunOS kernel behaviour ;)
That said, TCP-MD5 signature renders this mostly moot, and deployment
of TCP-MD5 has increased a lot since the last round of "BGP TCP is
insecure!" non-issues came up. Many IXes and peers now require
TCP-MD5.
The rights and wrongs of TCP-MD5 notwithstanding, it'd be nice if
Linux could support this. Anyone running BGP on Linux at the moment must
patch their kernel - or else just switch to Free/Open BSD.
regards,
--
Paul Jakma paul@xxxxxxxx paul@xxxxxxxxx Key ID: 64A2FF6A
Fortune:
It looks like it's up to me to save our skins. Get into that garbage chute,
flyboy!
-- Princess Leia Organa