Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 16 Sep 2009 22:26:46 +0200
From: Willy Tarreau <w@....eu>
To: Marcus Meissner <meissner@...e.de>
Cc: OSS Security List <oss-security@...ts.openwall.com>, security@...nel.org,
        davem@...emloft.net
Subject: Re: [Security] CVE-2008-4609 / Outpost24 TCP issues

Hi Marcus,

On Wed, Sep 16, 2009 at 03:50:56PM +0200, Marcus Meissner wrote:
> Hi folks,
> 
> I get customer queries on whether and how the Linux kernel is affected
> to the CVE-2008-4609 TCP denial of service problems ...
> 
> This seems to a large degree to be a kernel issue.
> Also how are applications involved in the whole picture?
> 
> To my own not so deep knowledge this issue seems to affect us
> even today.
> 
> Has anyone insights to that?

Well, I've just read the PDF from the outpost24 site, and it appears
as TCP for dummies. It basically explains how to create connections
without using connect().

  1) everyone knows how to change ulimit -n + bind() to establish
     hundreds of thousands of connections from a client to a server
     using source IP ranges, without even having to fiddle with raw
     sockets.

  2) I don't see what is new in his stateless SYN/SYN-ACK/ACK method.
     To the best of my knowledge it's been used for ages in network
     testing. I even have a modified Netfilter TARPIT module designed
     to do that to stress network equipments with millions of
     connections when associated with a standard SYN flooder.

I think these guys are just trying once again to get all the lights
on them before revealing trivial things, as it's becoming more and
more common. It's fantastic to see press journalists speculate on
what the isue might be !

So unless they reveal anything serious, right now it looks like
pure fantasy. Or maybe I wasn't able to find relevant information
on the subject :-/

Regards,
Willy

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.