[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: [Security] CVE-2008-4609 / Outpost24 TCP issues
From:       Willy Tarreau <w () 1wt ! eu>
Date:       2009-09-16 20:26:46
Message-ID: 20090916202646.GA6169 () 1wt ! eu
[Download RAW message or body]

Hi Marcus,

On Wed, Sep 16, 2009 at 03:50:56PM +0200, Marcus Meissner wrote:
> Hi folks,
> 
> I get customer queries on whether and how the Linux kernel is affected
> to the CVE-2008-4609 TCP denial of service problems ...
> 
> This seems to a large degree to be a kernel issue.
> Also how are applications involved in the whole picture?
> 
> To my own not so deep knowledge this issue seems to affect us
> even today.
> 
> Has anyone insights to that?

Well, I've just read the PDF from the outpost24 site, and it appears
as TCP for dummies. It basically explains how to create connections
without using connect().

  1) everyone knows how to change ulimit -n + bind() to establish
     hundreds of thousands of connections from a client to a server
     using source IP ranges, without even having to fiddle with raw
     sockets.

  2) I don't see what is new in his stateless SYN/SYN-ACK/ACK method.
     To the best of my knowledge it's been used for ages in network
     testing. I even have a modified Netfilter TARPIT module designed
     to do that to stress network equipments with millions of
     connections when associated with a standard SYN flooder.

I think these guys are just trying once again to get all the lights
on them before revealing trivial things, as it's becoming more and
more common. It's fantastic to see press journalists speculate on
what the isue might be !

So unless they reveal anything serious, right now it looks like
pure fantasy. Or maybe I wasn't able to find relevant information
on the subject :-/

Regards,
Willy

[prev in list] [next in list] [prev in thread] [next in thread]