Date: Thu, 19 May 2005 11:46:17 +0200 From: Christian Brueffer <chris@unixpages.org> To: Andre Oppermann <andre@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: tcp timestamp vulnerability? Message-ID: <20050519094617.GB932@unixpages.org> In-Reply-To: <428C5F89.2E595E02@freebsd.org> References: <20050519093736.GA932@unixpages.org> <428C5F89.2E595E02@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--TakKZr9L6Hm6aLOc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, May 19, 2005 at 11:42:33AM +0200, Andre Oppermann wrote: > Christian Brueffer wrote: > >=20 > > Hi, > >=20 > > has anyone taken a look at http://www.kb.cert.org/vuls/id/637934? >=20 > sys/netinet/tcp_input.c Revision 1.270, Sun Apr 10 05:24:59 2005 UTC > (5 weeks, 4 days ago) by ps > Branch: MAIN > Changes since 1.269: +23 -3 lines >=20 > - Tighten up the Timestamp checks to prevent a spoofed segment from > setting ts_recent to an arbitrary value, stopping further > communication between the two hosts. > - If the Echoed Timestamp is greater than the current time, > fall back to the non RFC 1323 RTT calculation. >=20 > Submitted by: Raja Mukerji (raja at moselle dot com) > Reviewed by: Noritoshi Demizu, Mohan Srinivasan >=20 Thanks. Since I got this from the Heise Newsticker I'll see if I can get them to update their story. - Christian --=20 Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D --TakKZr9L6Hm6aLOc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFCjGBpbHYXjKDtmC0RAlyUAKCI6FMWX1ROw4GziFxOBR//wOw0xQCeOYAl UUFdF3TRh4wuKMzqYyAmxos= =TzWA -----END PGP SIGNATURE----- --TakKZr9L6Hm6aLOc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050519094617.GB932>