Date: Wed, 16 Sep 2009 22:26:46 +0200 From: Willy Tarreau <w@....eu> To: Marcus Meissner <meissner@...e.de> Cc: OSS Security List <oss-security@...ts.openwall.com>, security@...nel.org, davem@...emloft.net Subject: Re: [Security] CVE-2008-4609 / Outpost24 TCP issues Hi Marcus, On Wed, Sep 16, 2009 at 03:50:56PM +0200, Marcus Meissner wrote: > Hi folks, > > I get customer queries on whether and how the Linux kernel is affected > to the CVE-2008-4609 TCP denial of service problems ... > > This seems to a large degree to be a kernel issue. > Also how are applications involved in the whole picture? > > To my own not so deep knowledge this issue seems to affect us > even today. > > Has anyone insights to that? Well, I've just read the PDF from the outpost24 site, and it appears as TCP for dummies. It basically explains how to create connections without using connect(). 1) everyone knows how to change ulimit -n + bind() to establish hundreds of thousands of connections from a client to a server using source IP ranges, without even having to fiddle with raw sockets. 2) I don't see what is new in his stateless SYN/SYN-ACK/ACK method. To the best of my knowledge it's been used for ages in network testing. I even have a modified Netfilter TARPIT module designed to do that to stress network equipments with millions of connections when associated with a standard SYN flooder. I think these guys are just trying once again to get all the lights on them before revealing trivial things, as it's becoming more and more common. It's fantastic to see press journalists speculate on what the isue might be ! So unless they reveal anything serious, right now it looks like pure fantasy. Or maybe I wasn't able to find relevant information on the subject :-/ Regards, Willy
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.