oss-sec mailing list archives
Re: [Security] CVE-2008-4609 / Outpost24 TCP issues
From: Willy Tarreau <w () 1wt eu>
Date: Wed, 16 Sep 2009 22:26:46 +0200
Hi Marcus, On Wed, Sep 16, 2009 at 03:50:56PM +0200, Marcus Meissner wrote:
Hi folks, I get customer queries on whether and how the Linux kernel is affected to the CVE-2008-4609 TCP denial of service problems ... This seems to a large degree to be a kernel issue. Also how are applications involved in the whole picture? To my own not so deep knowledge this issue seems to affect us even today. Has anyone insights to that?
Well, I've just read the PDF from the outpost24 site, and it appears as TCP for dummies. It basically explains how to create connections without using connect(). 1) everyone knows how to change ulimit -n + bind() to establish hundreds of thousands of connections from a client to a server using source IP ranges, without even having to fiddle with raw sockets. 2) I don't see what is new in his stateless SYN/SYN-ACK/ACK method. To the best of my knowledge it's been used for ages in network testing. I even have a modified Netfilter TARPIT module designed to do that to stress network equipments with millions of connections when associated with a standard SYN flooder. I think these guys are just trying once again to get all the lights on them before revealing trivial things, as it's becoming more and more common. It's fantastic to see press journalists speculate on what the isue might be ! So unless they reveal anything serious, right now it looks like pure fantasy. Or maybe I wasn't able to find relevant information on the subject :-/ Regards, Willy
Current thread:
- CVE-2008-4609 / Outpost24 TCP issues Marcus Meissner (Sep 16)
- Re: [Security] CVE-2008-4609 / Outpost24 TCP issues Willy Tarreau (Sep 16)