From owner-freebsd-questions@FreeBSD.ORG Thu May 19 19:05:15 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C48EE16A4D0 for ; Thu, 19 May 2005 19:05:15 +0000 (GMT) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2ECD743D39 for ; Thu, 19 May 2005 19:05:14 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) j4JJ5jb44489; Thu, 19 May 2005 12:05:46 -0700 (PDT) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Tim Traver" , "bsd" Date: Thu, 19 May 2005 12:05:08 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <428CC847.1060708@simplenet.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478 Importance: Normal Subject: RE: PAWS security vulnerability X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 May 2005 19:05:15 -0000 Hi Tim, Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been rewritten for FreeBSD 4.11. YMMV If it works I would submit it to the FreeBSD security list. The only change I made is OpenBSD defines "tiflags" FreeBSD defines "thflags" I assume they are the same thing. The file is in /usr/src/sys/netinet Turning off the timestamps would be a good way to make your network go slow. *** tcp_input.c.original Thu May 19 11:52:30 2005 --- tcp_input.c Thu May 19 12:00:14 2005 *************** *** 976,984 **** --- 976,992 ---- * record the timestamp. * NOTE that the test is modified according to the latest * proposal of the tcplw@cray.com list (Braden 1993/04/26). + * NOTE2 additional check added as a result of PAWS vulnerability + * documented in Cisco security notice cisco-sn-20050518-tcpts + * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch */ if ((to.to_flags & TOF_TS) != 0 && SEQ_LEQ(th->th_seq, tp->last_ack_sent)) { + if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen + + ((thflags & (TH_SYN|TH_FIN)) != 0))) + tp->ts_recent = to.to_tsval; + else + tp->ts_recent = 0; tp->ts_recent_age = ticks; tp->ts_recent = to.to_tsval; } Ted > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Tim Traver > Sent: Thursday, May 19, 2005 10:09 AM > To: bsd > Subject: PAWS security vulnerability > > > Hi all, > > ok, this article was just published about a PAWS TCP DOS > vulnerability, > and lists freeBSD 4.x as affected. > > http://www.securityfocus.com/bid/13676/info/ > > Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ? > > and is 5.4 affected too ? > > Tim. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >