Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S265134AbUF1TSx (ORCPT ); Mon, 28 Jun 2004 15:18:53 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S265137AbUF1TSx (ORCPT ); Mon, 28 Jun 2004 15:18:53 -0400 Received: from mail.enyo.de ([212.9.189.167]:30474 "EHLO mail.enyo.de") by vger.kernel.org with ESMTP id S265134AbUF1TSw (ORCPT ); Mon, 28 Jun 2004 15:18:52 -0400 To: Andre Tomt Cc: linux-kernel@vger.kernel.org, "David S. Miller" Subject: Re: TCP-RST Vulnerability - Doubt References: <40DC9B00@webster.usu.edu> <20040625150532.1a6d6e60.davem@redhat.com> <40DCDDF4.7030509@tomt.net> From: Florian Weimer Date: Mon, 28 Jun 2004 21:18:48 +0200 In-Reply-To: <40DCDDF4.7030509@tomt.net> (Andre Tomt's message of "Sat, 26 Jun 2004 04:22:44 +0200") Message-ID: <87zn6njxt3.fsf@deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1090 Lines: 24 * Andre Tomt: > I have not seen anything conclusive on this yet. How sensitive is > Linux to the attack? The original RST-based attack was against a mixed Cisco/Linux+Quagga environment, IIRC. This combination is especially vulnerable if the BGP connection is established in the right direction. However, nobody has probably bothered to replicate that attack in the lab. As published, the attack just doesn't work against Cisco/Cisco peerings. Unfortunately, there is another that *might* actually work, that's why there was so much fuss about it. If you have some window checking bugs (like the BSDs had), it can be quite worse, of course. But such issues are usually way overrated. Most DoS potential remains unexploited anyway, and I don't think the disruption from people frantically enabling the TCP MD5 option payed off in the end. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/