Date: Thu, 19 May 2005 13:27:10 -0700 From: Tim Traver <tt-list@simplenet.com> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: bsd <freebsd-questions@freebsd.org> Subject: Re: PAWS security vulnerability Message-ID: <428CF69E.5050807@simplenet.com> In-Reply-To: <LOBBIFDAGNMAMLGJJCKNMEHPFBAA.tedm@toybox.placo.com> References: <LOBBIFDAGNMAMLGJJCKNMEHPFBAA.tedm@toybox.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ted,
thanks for taking a look at this. I'm not sure I have the ability to
test out your patch. Maybe someone else on this fine list can ?
But this sounds like a pretty severe DOS issue that seems to be
relatively simple to implement.
Do you know if the 5.x branch is affected by this as well ?
Tim.
Ted Mittelstaedt wrote:
>Hi Tim,
>
> Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been
>rewritten for FreeBSD 4.11. YMMV If it works I would submit it to the
>FreeBSD
>security list. The only change I made is OpenBSD defines "tiflags"
>FreeBSD defines
>"thflags" I assume they are the same thing. The file is in
>/usr/src/sys/netinet
>
>Turning off the timestamps would be a good way to make your network go
>slow.
>
>*** tcp_input.c.original Thu May 19 11:52:30 2005
>--- tcp_input.c Thu May 19 12:00:14 2005
>***************
>*** 976,984 ****
>--- 976,992 ----
> * record the timestamp.
> * NOTE that the test is modified according to the latest
> * proposal of the tcplw@cray.com list (Braden
>1993/04/26).
>+ * NOTE2 additional check added as a result of PAWS
>vulnerability
>+ * documented in Cisco security notice
>cisco-sn-20050518-tcpts
>+ * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
> */
> if ((to.to_flags & TOF_TS) != 0 &&
> SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
>+ if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen
>+
>+ ((thflags & (TH_SYN|TH_FIN)) != 0)))
>+ tp->ts_recent = to.to_tsval;
>+ else
>+ tp->ts_recent = 0;
> tp->ts_recent_age = ticks;
> tp->ts_recent = to.to_tsval;
> }
>
>Ted
>
>
>
>>-----Original Message-----
>>From: owner-freebsd-questions@freebsd.org
>>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Tim Traver
>>Sent: Thursday, May 19, 2005 10:09 AM
>>To: bsd
>>Subject: PAWS security vulnerability
>>
>>
>>Hi all,
>>
>>ok, this article was just published about a PAWS TCP DOS
>>vulnerability,
>>and lists freeBSD 4.x as affected.
>>
>>http://www.securityfocus.com/bid/13676/info/
>>
>>Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ?
>>
>>and is 5.4 affected too ?
>>
>>Tim.
>>
>>_______________________________________________
>>freebsd-questions@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>To unsubscribe, send any mail to
>>"freebsd-questions-unsubscribe@freebsd.org"
>>
>>
>>
>
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?428CF69E.5050807>