Date: Thu, 19 May 2005 11:42:33 +0200 From: Andre Oppermann <andre@freebsd.org> To: Christian Brueffer <chris@unixpages.org> Cc: freebsd-net@freebsd.org Subject: Re: tcp timestamp vulnerability? Message-ID: <428C5F89.2E595E02@freebsd.org> References: <20050519093736.GA932@unixpages.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Christian Brueffer wrote: > > Hi, > > has anyone taken a look at http://www.kb.cert.org/vuls/id/637934? sys/netinet/tcp_input.c Revision 1.270, Sun Apr 10 05:24:59 2005 UTC (5 weeks, 4 days ago) by ps Branch: MAIN Changes since 1.269: +23 -3 lines - Tighten up the Timestamp checks to prevent a spoofed segment from setting ts_recent to an arbitrary value, stopping further communication between the two hosts. - If the Echoed Timestamp is greater than the current time, fall back to the non RFC 1323 RTT calculation. Submitted by: Raja Mukerji (raja at moselle dot com) Reviewed by: Noritoshi Demizu, Mohan Srinivasan -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?428C5F89.2E595E02>