Re: [Patch] IPv4 TCP security improvement

Joachim Baran (jbaran@hildesheim.sgh-net.de)
Sat, 9 Jan 1999 10:44:05 +0100


On Sat, Jan 09, 1999 at 01:53:53AM +0100, Andi Kleen wrote:
> On Fri, Jan 08, 1999 at 08:07:45PM +0100, Joachim Baran wrote:
> > I'm talking about UNCONNECTED ports. Understand the
> > patch - luke... (Sorry - but that's how it is).
> The ports are unconnected because they have been opened by a different machine
> that had the same IP. Your machine does not know that they exist, until
> the packets arrive.
OK - now very slow:

Port 25 (we assume sendmail listening)
-> This port is connected to sendmail, because
sendmail listens on it. I don't touch
packets to this port. Everything goes
through sendmail and is then handled by
it.

Port 24 (nothing - no daemon - no nothing)
-> This port is unconnected. There is no
service behind it. Here I would drop
the received packet without sending
an ACK+RST.

So: There couldn't have been any connection to
port 24, because nobody is listening there...

> The patch is not suitable for kernel inclusion IMHO.
Then it has to be more complicated and I think that
would be slower...

According to some Phrack (49? - I can't remember) I
read, Microsoft operating systems don't send an ACK+RST.
So they couldn't be scanned in this way - but almost
every Unix. This is sad...

Bye.

-- 
Joachim Baran                   jbaran@hildesheim.sgh-net.de
Breslauerstr.18     http://prinz.hannover.sgh-net.de/~jbaran
31171 Mahlerten                       Network Administration
Lower Saxony/Germany                         and Programming
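The behaviour the post argues over, modelled as an added example (this is not the patch, kernel code, or anything from the thread): a host answers a SYN to a listening port with SYN+ACK either way; a SYN to a port with no listener gets a RST under standard TCP, or nothing at all under the post's silent-drop policy. The scanner and client interpretations, the port numbers and the probe source address are constructed for illustration. The model also shows the cost a kernel maintainer would raise: a legitimate client that hits a closed port no longer gets an immediate "connection refused" but retries until its timeout expires.

```python
"""Model of how a host answers TCP SYN probes with and without the
silent-drop policy discussed in the post. Constructed example; the port
numbers, the probe source address and the probe list are made up."""

from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, Set


class Reply(Enum):
    SYN_ACK = "SYN+ACK"   # a daemon is bound: the handshake proceeds
    RST = "RST"           # no listener: standard TCP answers with a reset
    NONE = "(silence)"    # packet dropped without any answer


@dataclass(frozen=True)
class Syn:
    src: str    # probe source, constructed value in the examples below
    dport: int  # destination port being probed


def host_reply(syn: Syn, listening: Set[int], drop_unconnected: bool) -> Reply:
    """Answer one SYN the way the host would.

    listening        -- ports with a daemon bound (e.g. {25} for sendmail)
    drop_unconnected -- the post's policy: swallow SYNs to ports with no
                        listener instead of sending a reset
    """
    if syn.dport in listening:
        return Reply.SYN_ACK          # the policy never touches these
    return Reply.NONE if drop_unconnected else Reply.RST


def scanner_view(reply: Reply) -> str:
    """What a SYN scanner concludes from each kind of reply."""
    return {
        Reply.SYN_ACK: "open",
        Reply.RST: "closed",
        Reply.NONE: "filtered",       # indistinguishable from a firewall drop
    }[reply]


def client_outcome(reply: Reply) -> str:
    """What a normal client (not a scanner) experiences for the same reply."""
    return {
        Reply.SYN_ACK: "connected",
        Reply.RST: "connection refused immediately",
        Reply.NONE: "retries until timeout",   # the price of silent drop
    }[reply]


def scan(listening: Set[int], ports: Iterable[int],
         drop_unconnected: bool) -> Dict[int, str]:
    """Probe each port once and return the scanner's classification."""
    return {
        p: scanner_view(host_reply(Syn("198.51.100.7", p), listening, drop_unconnected))
        for p in ports
    }


if __name__ == "__main__":
    daemons = {25}                    # sendmail only, as in the post
    for policy in (False, True):
        label = "silent drop" if policy else "standard RST"
        print(f"{label:13s}: {scan(daemons, [24, 25], policy)}")
    print("client hitting port 24 under silent drop:",
          client_outcome(host_reply(Syn("203.0.113.9", 24), daemons, True)))
```

Port 25 reads "open" under both policies, so the patch hides nothing about services that actually run; it only turns "closed" into "filtered" for everything else, at the cost of slow failures for ordinary clients that connect to the wrong port.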
