Re: predictable IP ID

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 4 Oct 1999 15:57:46 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David S. Miller: "Re: predictable IP ID"
Previous message: Alan Cox: "Re: [patch] 2.3.18ac10 /proc fixes [Re: [patch] wchan in 2.3.18ac6]"
In reply to: Andrea Arcangeli: "Re: [patch] 2.3.18ac10 /proc fixes [Re: [patch] wchan in 2.3.18ac6]"
Next in thread: kuznet@ms2.inr.ac.ru: "Re: predictable IP ID"
Reply: kuznet@ms2.inr.ac.ru: "Re: predictable IP ID"

> But then Andrey proved that it is really serious problem.
> Essentially, the exploit is very simple: predictable ID allows
> spoofer to detect situation, when kernel answers to source spoofed packet.
> F.e. it opens nice and fast (64 packets!) way to complete
> tcp connection with spoofed source. It is very serious hole.

Im unconvinced. Where is the exploit documented ? If the exploit relies
on overwriting the tcp header remember that even the base firewall config
doesn't allow this.

> Certainly, AVL is terrible but taking into account that size of database
> may be huge, it is acceptable. Also, take into account that
> the same code may be used to kill timewait state, so that it is pure winning.

Except that I construct attacks to use massive amounts of AVL tree space.
Very easily in fact. On something like an appliance with 8Mb of RAM that
makes the AVL setup a non solution and something better is needed

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: David S. Miller: "Re: predictable IP ID"
Previous message: Alan Cox: "Re: [patch] 2.3.18ac10 /proc fixes [Re: [patch] wchan in 2.3.18ac6]"
In reply to: Andrea Arcangeli: "Re: [patch] 2.3.18ac10 /proc fixes [Re: [patch] wchan in 2.3.18ac6]"
Next in thread: kuznet@ms2.inr.ac.ru: "Re: predictable IP ID"
Reply: kuznet@ms2.inr.ac.ru: "Re: predictable IP ID"