From: Mark Felder
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
Date: Tue, 16 Sep 2014 07:35:26 -0500
In-Reply-To: <54180EBF.2050104@pyro.eu.org>

On Tue, Sep 16, 2014, at 05:19, Steven Chamberlain wrote:
> Hi,
>
> On 16/09/14 11:14, FreeBSD Security Advisories wrote:
> > An attacker who has the ability to spoof IP traffic can tear down a
> > TCP connection by sending only 2 packets, if they know both TCP port
> > numbers.
>
> This may be a silly question but, if the attacker can spoof IP traffic,
> can't the same be done with a single RST packet?
>

Yes, this is how Sandvine anti-piracy products work. They detect you
torrenting/P2P and then send an RST spoofed from the other end. You can
defeat this by dropping RST altogether, which is what many people do.
It's better if they don't blindly block all RST, and only to the ports
they use for P2P...

I'm torn on calling this an actual security problem. It's certainly a
bug -- defeated by a stateful firewall, as detailed in the SA -- but if
someone can spoof the traffic... you've a problem at a different layer
:-)

(Warning: I'm not a security expert.)