From owner-freebsd-security@FreeBSD.ORG Tue Apr 20 23:50:19 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4BE4616A4CE; Tue, 20 Apr 2004 23:50:19 -0700 (PDT) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D3A743D5D; Tue, 20 Apr 2004 23:50:18 -0700 (PDT) (envelope-from phk@phk.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.11/8.12.11) with ESMTP id i3L6o7BO026772; Wed, 21 Apr 2004 08:50:08 +0200 (CEST) (envelope-from phk@phk.freebsd.dk) To: Mike Silbersack From: "Poul-Henning Kamp" In-Reply-To: Your message of "Wed, 21 Apr 2004 01:50:28 CDT." <20040421014736.H1228@odysseus.silby.com> Date: Wed, 21 Apr 2004 08:50:07 +0200 Message-ID: <26771.1082530207@critter.freebsd.dk> cc: freebsd-security@freebsd.org cc: Don Lewis cc: avalon@caligula.anu.edu.au Subject: Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Apr 2004 06:50:19 -0000 In message <20040421014736.H1228@odysseus.silby.com>, Mike Silbersack writes: > >On Tue, 20 Apr 2004, Don Lewis wrote: > >> I am concerned that step C will not solve the compatibility problem. The >> FreeBSD host is sending a FIN to close an established connection, and >> the peer host adding the window size advertised in the FIN packet to the >> sequence number acknowledged in the FIN packet, and using the sum as the >> sequence number for the RST packet, which puts the sequence number at >> the end of the receive window. > >Would it be feasible for us to create a four to five element array to >track "resettable" sequence numbers? This could hold the sequence numbers >of the last few packets transmitted, and account for that edge case as >well. Sounds like an interesting idea. Technically you will have to hold the sequence numbers for all non-ACK'ed packets, which may be up to the window divided by the MTU. In the conventional case, worst case is 237 sequence numbers (65535/276). This sounds like a lot until one realizes that at the same time we hold 64k of un-ACK'ed data. A prototype would be a good thing... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.