From owner-freebsd-security@FreeBSD.ORG Tue Sep 16 14:00:29 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A6528FA3 for ; Tue, 16 Sep 2014 14:00:29 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 8A17E144 for ; Tue, 16 Sep 2014 14:00:29 +0000 (UTC) Received: from delphij-macbook.local (unknown [1.202.68.57]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id 98424154FF; Tue, 16 Sep 2014 07:00:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1410876029; x=1410890429; bh=HVt0efnsAlQrXxtIqScT6j4QZwCUQQDnbYF/IUph0yU=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To; b=HfTJ4iKddIu+lq6Nz9zfYLcU4FSY86eEIyN6b1/hipu8uf77up+WpZdIpyVeywt1P zqFcjEKTLISDSRxbzAlexuu+z49SLMBP9LwvOVVUtWpPoFv3nsmozv++51xSgwWo/6 HSEVIPwxR9TtXwna5DMIcTmsMADS6QCdxNaoYwEI= Message-ID: <5418427B.9080909@delphij.net> Date: Tue, 16 Sep 2014 22:00:27 +0800 From: Xin Li Reply-To: d@delphij.net Organization: The FreeBSD Project MIME-Version: 1.0 To: Steven Chamberlain , freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:19.tcp References: <201409161014.s8GAE77Z070671@freefall.freebsd.org> <54180EBF.2050104@pyro.eu.org> In-Reply-To: <54180EBF.2050104@pyro.eu.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2014 14:00:29 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 9/16/14 6:19 PM, Steven Chamberlain wrote: > Hi, > > On 16/09/14 11:14, FreeBSD Security Advisories wrote: >> An attacker who has the ability to spoof IP traffic can tear down >> a TCP connection by sending only 2 packets, if they know both TCP >> port numbers. > > This may be a silly question but, if the attacker can spoof IP > traffic, can't the same be done with a single RST packet? By default RST has to be within the window if the connection is in ESTABLISHED state. So in order to do that the attacker still need to guess or know the sequence number. Hope this helps. Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUGEJ7AAoJEJW2GBstM+ns4MgP/jhjYEZnzZimP9COnxiIpQTV E21qVdMQPfglicoPKKvzNfyNL1ZRUHYCXa3tGmKE0zO/6b03c8xmvqARCtZVDF+K xLD1ZfaCjo4mrIKG7LDNAN6WYHYKnF1WNsABcy/7PwnY7Bw3CoVZg3DXKj1s72m4 0XnZwVBfY0e3sy2wzcbirfW9bYk4JK5900wUkXaxtEBkLcdJWirsxx6teC9hvvUS 3K/7NpL0/Hv3nAhEJQwA8kTwD5qNg0uwj1WDY8GzHOSzATIo8B/Dy2ubsN8EBChn OWR/xOBwXTU79RH+f4qwWYV887xsniKTS7uUZIEjgAdS1xz5rjmGIDAm1ATHfrK5 tJm2pZdnxrpJqzBY7zxyQwDAPS1w8bNHzmcXBrZd+m3DvrGRpJO2qqCYZakUI9gR 00ArI4jrD8HFyboQdXy3uW3xIddD07u2xQQ3wwbgigF7tKgZG9m6Iq+Q10YoLo6x Ck/Hpf5yDo/COE/RD8UbyEw3nSsl4s9T6oqPXCLBlnNjuCrh0AqEDwCQ476X7pPb B0BxTZ46KY//h0vzMpTFQO3EShQfIYRKsme3bRfuiApXb+xgFpz1KEzqDkeiz3/3 681k8COJYjLKoe6Xq7p1C8sL5pmg9G/pTjyN38vOZF10096+RGP1kLZO2zT88BEi pIIwvv0RmHBgAf+PL0mH =sAgZ -----END PGP SIGNATURE-----