Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 May 2005 12:05:08 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Tim Traver" <tt-list@simplenet.com>, "bsd" <freebsd-questions@freebsd.org>
Subject:   RE: PAWS security vulnerability
Message-ID:  <LOBBIFDAGNMAMLGJJCKNMEHPFBAA.tedm@toybox.placo.com>
In-Reply-To: <428CC847.1060708@simplenet.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Tim,

  Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been
rewritten for FreeBSD 4.11.  YMMV  If it works I would submit it to the
FreeBSD
security list.  The only change I made is OpenBSD defines "tiflags"
FreeBSD defines
"thflags" I assume they are the same thing.  The file is in
/usr/src/sys/netinet

Turning off the timestamps would be a good way to make your network go
slow.

*** tcp_input.c.original        Thu May 19 11:52:30 2005
--- tcp_input.c Thu May 19 12:00:14 2005
***************
*** 976,984 ****
--- 976,992 ----
                 * record the timestamp.
                 * NOTE that the test is modified according to the latest
                 * proposal of the tcplw@cray.com list (Braden
1993/04/26).
+                * NOTE2 additional check added as a result of PAWS
vulnerability
+                * documented in Cisco security notice
cisco-sn-20050518-tcpts
+                * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
                 */
                if ((to.to_flags & TOF_TS) != 0 &&
                    SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
+                       if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen
+
+                               ((thflags & (TH_SYN|TH_FIN)) != 0)))
+                                 tp->ts_recent = to.to_tsval;
+                       else
+                               tp->ts_recent = 0;
                        tp->ts_recent_age = ticks;
                        tp->ts_recent = to.to_tsval;
                }

Ted

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Tim Traver
> Sent: Thursday, May 19, 2005 10:09 AM
> To: bsd
> Subject: PAWS security vulnerability
>
>
> Hi all,
>
> ok, this article was just published about a PAWS TCP DOS
> vulnerability,
> and lists freeBSD 4.x as affected.
>
> http://www.securityfocus.com/bid/13676/info/
>
> Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ?
>
> and is 5.4 affected too ?
>
> Tim.
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNMEHPFBAA.tedm>