Re: TCP/BGP vulnerability - easier than you think

• From: Petri Helenius
• Date: Fri Apr 23 11:51:22 2004

Leo Bicknell wrote:

I point out NetBSD released this:

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc

Of interest is this paragraph:

] Additionally, the 4.4BSD stack from which NetBSD's stack is derived, did
] not even check that a RST's sequence number was inside the window. RSTs
] anywhere to the left of the window were treated as valid.

It's a good thing the 4.4BSD stack was unpopular, otherwise it might be
in a lot of programs.

Most code bases fixed this much earlier, like FreeBSD in 1998;
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.80&r2=1.81&f=h

Pete

• References:
  • Re: TCP/BGP vulnerability - easier than you think Daniel Roesen
  • Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum
  • Re: TCP/BGP vulnerability - easier than you think Daniel Roesen
  • Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum
  • Re: TCP/BGP vulnerability - easier than you think Iljitsch van Beijnum
  • Re: TCP/BGP vulnerability - easier than you think Leo Bicknell

• Prev by Date: Re: TCP/BGP vulnerability - easier than you think
• Next by Date: Re: Alternate and/or hidden infrastructure addresses (BGP/TCP RST/SYN vulnerability)
• Date Index
• Thread Index
• Author Index
• Historical