Date: Tue, 16 Sep 2014 22:00:27 +0800 From: Xin Li <delphij@delphij.net> To: Steven Chamberlain <steven@pyro.eu.org>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:19.tcp Message-ID: <5418427B.9080909@delphij.net> In-Reply-To: <54180EBF.2050104@pyro.eu.org> References: <201409161014.s8GAE77Z070671@freefall.freebsd.org> <54180EBF.2050104@pyro.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 9/16/14 6:19 PM, Steven Chamberlain wrote: > Hi, > > On 16/09/14 11:14, FreeBSD Security Advisories wrote: >> An attacker who has the ability to spoof IP traffic can tear down >> a TCP connection by sending only 2 packets, if they know both TCP >> port numbers. > > This may be a silly question but, if the attacker can spoof IP > traffic, can't the same be done with a single RST packet? By default RST has to be within the window if the connection is in ESTABLISHED state. So in order to do that the attacker still need to guess or know the sequence number. Hope this helps. Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUGEJ7AAoJEJW2GBstM+ns4MgP/jhjYEZnzZimP9COnxiIpQTV E21qVdMQPfglicoPKKvzNfyNL1ZRUHYCXa3tGmKE0zO/6b03c8xmvqARCtZVDF+K xLD1ZfaCjo4mrIKG7LDNAN6WYHYKnF1WNsABcy/7PwnY7Bw3CoVZg3DXKj1s72m4 0XnZwVBfY0e3sy2wzcbirfW9bYk4JK5900wUkXaxtEBkLcdJWirsxx6teC9hvvUS 3K/7NpL0/Hv3nAhEJQwA8kTwD5qNg0uwj1WDY8GzHOSzATIo8B/Dy2ubsN8EBChn OWR/xOBwXTU79RH+f4qwWYV887xsniKTS7uUZIEjgAdS1xz5rjmGIDAm1ATHfrK5 tJm2pZdnxrpJqzBY7zxyQwDAPS1w8bNHzmcXBrZd+m3DvrGRpJO2qqCYZakUI9gR 00ArI4jrD8HFyboQdXy3uW3xIddD07u2xQQ3wwbgigF7tKgZG9m6Iq+Q10YoLo6x Ck/Hpf5yDo/COE/RD8UbyEw3nSsl4s9T6oqPXCLBlnNjuCrh0AqEDwCQ476X7pPb B0BxTZ46KY//h0vzMpTFQO3EShQfIYRKsme3bRfuiApXb+xgFpz1KEzqDkeiz3/3 681k8COJYjLKoe6Xq7p1C8sL5pmg9G/pTjyN38vOZF10096+RGP1kLZO2zT88BEi pIIwvv0RmHBgAf+PL0mH =sAgZ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5418427B.9080909>