Date:      Tue, 16 Sep 2014 09:20:05 -0400
From:      Lowell Gilbert <freebsd-security-local@be-well.ilk.org>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
Message-ID:  <44y4tjwvlm.fsf@lowell-desk.lan>
In-Reply-To: <1410870926.3637266.168084441.4C997218@webmail.messagingengine.com> (Mark Felder's message of "Tue, 16 Sep 2014 07:35:26 -0500")
References:  <201409161014.s8GAE77Z070671@freefall.freebsd.org> <54180EBF.2050104@pyro.eu.org> <1410870926.3637266.168084441.4C997218@webmail.messagingengine.com>

Mark Felder <feld@FreeBSD.org> writes:

> On Tue, Sep 16, 2014, at 05:19, Steven Chamberlain wrote:
>> Hi,
>> 
>> On 16/09/14 11:14, FreeBSD Security Advisories wrote:
>> > An attacker who has the ability to spoof IP traffic can tear down a
>> > TCP connection by sending only 2 packets, if they know both TCP port
>> > numbers.
>> 
>> This may be a silly question but, if the attacker can spoof IP traffic,
>> can't the same be done with a single RST packet?
>> 
>
> Yes, this is how Sandvine anti-piracy products work. They detect you
> torrenting/P2P and then send an RST spoofed from the other end. You can
> defeat this by dropping RST altogether, which is what many people do.
> It's better if they don't blindly block all RST, and only block it on the
> ports they use for P2P... 

That's not quite the same; that's a full man-in-the-middle attack on the
connection, so all of the connection information is available. The
problem being fixed here allowed an attacker to do that without knowing
the sequence numbers.

> I'm torn on calling this an actual security problem. It's certainly a
> bug -- defeated by a stateful firewall, as detailed in the SA -- but if
> someone can spoof the traffic... you've a problem at a different layer
> :-)

Spoofing traffic is pretty easy. The reason it isn't generally a problem
is that knowing what to spoof is more difficult. [I assume that's what
feld@ actually meant, but it's an important distinction.]
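
As an added illustration of the distinction made in this reply (not code from the advisory, from FreeBSD, or from anyone in the thread), the following C program models why a spoofed RST is only a problem when the attacker also knows the sequence numbers. The struct, the function names and the sample connection values are all assumptions made for the example; the "check bypassed" case is a simplified stand-in for a stack that acts on a segment without validating its sequence number, and it does not reproduce the exact two-packet sequence the SA refers to.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of one TCP connection as its receiver sees it.
 * Hypothetical struct for this example, not FreeBSD's tcpcb. */
struct conn {
    uint16_t lport;     /* local port */
    uint16_t fport;     /* foreign port */
    uint32_t rcv_nxt;   /* next sequence number expected from the peer */
    uint32_t rcv_wnd;   /* receive window size */
};

#define SEQ_SPACE 4294967296ULL    /* 2^32 possible sequence numbers */

/* RFC 793 acceptance test: seq lies in [rcv_nxt, rcv_nxt + rcv_wnd).
 * The unsigned subtraction makes the comparison wrap correctly at 2^32. */
int seq_in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return (uint32_t)(seq - rcv_nxt) < rcv_wnd;
}

/* Would a spoofed segment carrying this seq tear the connection down?
 * check_window=1 models a stack that validates the sequence number;
 * check_window=0 models a stack that acts on the segment without that
 * check (a simplification of the bug class, not the actual kernel code). */
int teardown_accepted(const struct conn *c, uint32_t seq, int check_window)
{
    if (!check_window)
        return 1;
    return seq_in_window(seq, c->rcv_nxt, c->rcv_wnd);
}

/* Blind attacker: can spoof and knows both ports, but not the sequence
 * numbers.  Probes the sequence space in steps of one window and returns
 * how many spoofed segments it sent before one was accepted.  Returns 0
 * for a zero window, where nothing can be accepted. */
uint64_t blind_packets_needed(const struct conn *c, int check_window)
{
    uint64_t sent = 0, seq;
    if (c->rcv_wnd == 0)
        return 0;
    for (seq = 0; seq < SEQ_SPACE; seq += c->rcv_wnd) {
        sent++;
        if (teardown_accepted(c, (uint32_t)seq, check_window))
            return sent;
    }
    return sent;    /* not reached: the probes cover the whole space */
}

/* Upper bound on the blind attacker's cost: probes needed to cover all
 * 2^32 sequence numbers with windows of size rcv_wnd. */
uint64_t blind_worst_case(uint32_t rcv_wnd)
{
    if (rcv_wnd == 0)
        return 0;
    return (SEQ_SPACE + rcv_wnd - 1) / rcv_wnd;
}

/* On-path attacker (the Sandvine-style case mentioned in the thread): it
 * has seen the traffic, so it knows rcv_nxt and lands in window at once. */
uint64_t onpath_packets_needed(const struct conn *c)
{
    return teardown_accepted(c, c->rcv_nxt, 1) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample connection; the values are arbitrary. */
    struct conn c = { 443, 51234, 1000000u, 65535u };

    printf("ports %u/%u, rcv_nxt=%u, rcv_wnd=%u\n",
           c.lport, c.fport, c.rcv_nxt, c.rcv_wnd);
    printf("blind attacker, window check present : %llu packets\n",
           (unsigned long long)blind_packets_needed(&c, 1));
    printf("blind attacker, worst case for window: %llu packets\n",
           (unsigned long long)blind_worst_case(c.rcv_wnd));
    printf("blind attacker, window check bypassed: %llu packets\n",
           (unsigned long long)blind_packets_needed(&c, 0));
    printf("on-path attacker with seq known      : %llu packets\n",
           (unsigned long long)onpath_packets_needed(&c));
    return 0;
}
```

The point the program makes is the one in the reply above: sending a spoofed segment costs nothing, but with the window check in place a blind attacker has to walk up to ceil(2^32 / rcv_wnd) probes to land one, while an attacker who already sees the connection (or a stack that skips the check) needs a single packet. A stateful firewall in front of the host, as the SA suggests, drops the blind probes before the stack ever sees them.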



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44y4tjwvlm.fsf>