From: John-Mark Gurney
To: Andre Oppermann
Cc: freebsd-net@freebsd.org
Date: Thu, 19 May 2005 10:03:21 -0700
Subject: Re: tcp timestamp vulnerability?
Message-ID: <20050519170321.GB959@funkthat.com>
In-Reply-To: <428C5F89.2E595E02@freebsd.org>

Andre Oppermann wrote this message on Thu, May 19, 2005 at 11:42 +0200:
> Christian Brueffer wrote:
> >
> > Hi,
> >
> > has anyone taken a look at http://www.kb.cert.org/vuls/id/637934?
>
> sys/netinet/tcp_input.c Revision 1.270, Sun Apr 10 05:24:59 2005 UTC
> (5 weeks, 4 days ago) by ps
> Branch: MAIN
> Changes since 1.269: +23 -3 lines
>
> - Tighten up the Timestamp checks to prevent a spoofed segment from
>   setting ts_recent to an arbitrary value, stopping further
>   communication between the two hosts.
> - If the Echoed Timestamp is greater than the current time,
>   fall back to the non RFC 1323 RTT calculation.
>
> Submitted by: Raja Mukerji (raja at moselle dot com)
> Reviewed by: Noritoshi Demizu, Mohan Srinivasan

Looks like someone needs to get an official statement out, since CERT
still lists FreeBSD as vulnerable (as of 16-Mar-2005)...

-- 
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
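
Added example, not part of the original message and not FreeBSD's tcp_input.c code: a reduced model of the two behaviours the quoted commit message describes, namely a stale segment with a far-future TSval poisoning ts_recent so that later legitimate segments fail the PAWS test, and an echoed timestamp from the future being rejected as an RTT sample. The diff is not shown on this page, so the tightened bound used here (Last.ACK.sent must fall inside the segment's sequence range) is an assumption, and the struct names, function names and trace values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Wrap-safe comparisons for 32-bit sequence numbers and timestamps. */
#define SEQ_LEQ(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) <= 0)
#define TS_LT(a, b)   ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)

struct rx_state { uint32_t last_ack_sent, ts_recent; };  /* hypothetical */
struct seg { uint32_t seq, len, tsval; };                /* hypothetical */

/* PAWS test, then the TS.Recent update. Returns false when PAWS drops it. */
static bool rx_segment(struct rx_state *rx, const struct seg *s, bool tight)
{
    if (TS_LT(s->tsval, rx->ts_recent))
        return false;                       /* timestamp looks old: drop */
    bool update = SEQ_LEQ(s->seq, rx->last_ack_sent);
    if (tight)   /* assumed tightening: Last.ACK.sent must lie in the segment */
        update = update && SEQ_LEQ(rx->last_ack_sent, s->seq + s->len);
    if (update)
        rx->ts_recent = s->tsval;
    return true;
}

/* Constructed trace: in-order segment, spoofed stale one, next in-order one. */
int legit_segments_accepted(bool tight)
{
    struct rx_state rx = { .last_ack_sent = 1000, .ts_recent = 5000 };
    struct seg first   = { 1000, 100, 5001 };
    struct seg spoofed = { 500, 10, 5001 + 0x70000000u };  /* far-future TSval */
    struct seg second  = { 1100, 100, 5002 };
    int ok = 0;
    if (rx_segment(&rx, &first, tight)) { ok++; rx.last_ack_sent = 1100; }
    rx_segment(&rx, &spoofed, tight);       /* outcome shows in ts_recent */
    if (rx_segment(&rx, &second, tight)) ok++;
    return ok;
}

/* RTT from the echoed timestamp; -1 tells the caller to use the non-timestamp estimator. */
int32_t ts_rtt(uint32_t now, uint32_t tsecr)
{
    return TS_LT(now, tsecr) ? -1 : (int32_t)(now - tsecr);
}

int main(void)
{
    printf("loose %d/2, tight %d/2, rtt %d %d\n", legit_segments_accepted(false),
           legit_segments_accepted(true), (int)ts_rtt(1000, 990), (int)ts_rtt(1000, 2000));
    return 0;
}
```

With the loose rule the second legitimate segment is dropped by PAWS after the spoofed one; with the bounded rule both legitimate segments pass.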