Date: Fri, 25 Jun 2004 15:05:32 -0700
From: "David S. Miller" <davem@redhat.com>
To: saiprathap <saiprathap@cc.usu.edu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: TCP-RST Vulnerability - Doubt
Message-Id: <20040625150532.1a6d6e60.davem@redhat.com>
In-Reply-To: <40DC9B00@webster.usu.edu>
References: <40DC9B00@webster.usu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1186
Lines: 24

On Fri, 25 Jun 2004 15:20:50 -0600
saiprathap <saiprathap@cc.usu.edu> wrote:

> I am a graduate research student majoring in the field of
> Computer Networking.As part of my research I have sorted out what FreeBSD has 
> done to overcome the TCP-RST vulnerability (by modifying the stack to accept 
> the RST packets only with the current + 1 sequence number and ignoring the 
> rest, even if their sequence numbers fall within the receiving window).
> 
> Could you kindly share your views regarding what Linux has done to its stack 
> to overcome this vulnerability as it will be of great help to my research.

We have done nothing, and there are no plans to implement any workaround
for this problem.

RFC2385 MD5 hashing support is going in soon, and for the application where
the vulnerability actually matters (BGP sessions between backbone routers)
MD5 clears that problem right up and they're all using MD5 protection already
anyways.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/