Bugtraq mailing list archives

Re: TCP bug on old Solaris box ?

From: nlawson () statler csc calpoly edu (Nathan Lawson)
Date: Sat, 21 Dec 1996 13:19:24 -0800

Doing nasty things with my old 2.3 Sun box, I noticed that
Solaris exits gracefully from a listen/accept call BEFORE
the three-way handshake is completed. That is, you exit
successfully from accept() as soon as the first SYN arrives !

Solaris 2.5 has a much better behavior and exits from accept()
only if the three-way handshake is completed. Do people noticed
something similar ? Any comments ?


This is dynamically configurable on Solaris 2.X via the "tcp_eager_listeners"
variable.  You probably want to turn it off.

PS : Oh, by the way : of course, this is bad news for the guys who
try to stealthly scan the TCP ports of the solaris 2.3 target, for example
with ETCP, since the old box urges syslog for incoming connections anyway...


That is one possible use for turning on this parameter.

-Nate

Current thread:

NT vulnerable to attack on CPU, (continued)
- - NT vulnerable to attack on CPU Aleph One (Dec 19)
  - CERT/AUCERT Mycroft (Dec 19)
    - Re: CERT/AUCERT itudps (Dec 19)
    - Re: CERT/AUCERT Aleph One (Dec 19)
    - Re: CERT/AUCERT Theo de Raadt (Dec 19)
    - Slow vendor response Alan Cox (Dec 20)
    - CERT Bashing, etc Aleph One (Dec 19)
    - Re: CERT/AUCERT Yuri Volobuev (Dec 19)
    - Re: CERT/AUCERT Tung-Hui Hu (Dec 19)
    - TCP bug on old Solaris box ? Gilles Soulet (Dec 20)
    - Re: TCP bug on old Solaris box ? Nathan Lawson (Dec 21)
    - Buffer overflow in Linux's login program Joe Zbiciak (Dec 22)
    - Solaris 2.5 x86 aspppd (semi-exploitable-hole) Thamer Al-Herbish (Dec 20)
    - CERT, CIAC, etc. and unethical practices Thamer Al-Herbish (Dec 20)
    - ANNOUNCE: Crack v5.0a available... Alec Muffett (Dec 20)
    - Security Survey Aleph One (Dec 20)