Hi,
I was asked if something like this vulnerability may exists in Linux,
or if is there any precautions for this?
"
Topic: many out-of-sequence TCP packets denial-of-service
I. Background
The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
provides a connection-oriented, reliable, sequence-preserving data
stream service. When network packets making up a TCP stream (``TCP
segments'') are received out-of-sequence, they are maintained in a
reassembly queue by the destination system until they can be re-ordered
and re-assembled.
II. Problem Description
FreeBSD does not limit the number of TCP segments that may be held in a
reassembly queue.
III. Impact
A remote attacker may conduct a low-bandwidth denial-of-service attack
against a machine providing services based on TCP (there are many such
services, including HTTP, SMTP, and FTP). By sending many
out-of-sequence TCP segments, the attacker can cause the target machine
to consume all available memory buffers (``mbufs''), likely leading to
a system crash.
"
Cheers,
GCS