[Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
Don Lewis
truckman at FreeBSD.org
Wed Apr 21 16:31:31 PDT 2004
On 21 Apr, Mike Silbersack wrote:
>
> On Wed, 21 Apr 2004, Don Lewis wrote:
>
>> > 1. Accept all RSTs meeting the criteria you just listed above.
>>
>> At this step, it would be better if we used the window size that was
>> advertised it the last packet sent, since that is what the sequence
>> number of the RST packet will be calculated from, while the window size
>> could have increased if data was consumed from the receive queue between
>> the time we sent the last packet and when we received the RST.
>>
>> It doesn't look like we keep the necessary data for this. Probably the
>> easiest thing to do would be to calculate the expected sequence number
>> in tcp_output() and stash it in the pcb.
>
> Do you have access to a system that exhibits the "RST at end of window"
> syndrome so that you could code up and test out this part of the patch?
Nope. The only report of this that I saw was from jayanth. Judging by
the tcpdump timestamps, it looks like whatever this wierd piece of
hardware was, it was nearby.
More information about the freebsd-security
mailing list