Re: SO_REUSEADDR not allowing server and client to use same port

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Nebojsa Miljanovic <neb@...>

Cc: <linux-kernel@...>, Kittlitz, Edward (Ned) <nkittlitz@...>, <asweeney@...>, Polhemus, William (Bart) <bpolhemus@...>

Subject: Re: SO_REUSEADDR not allowing server and client to use same port

Date: Saturday, March 15, 2008 - 9:34 am

On Thu, 13 Mar 2008 14:18:15 -0500
Nebojsa Miljanovic <neb@alcatel-lucent.com> wrote:

quoted text> Alan,
> I would appreciate it if you could elaborate on the security issue. Can you
> describe the simultaneous connect scenario?
> 
> We have a system we are migrating to Linux from Lynx. We have always had the
> ability to re-use ports. We are wondering if this security issue is something we
> should take seriously. Or, maybe it is not likely to be seen with our system
> running well defined set of applications (i.e. not a PC where anybody could run
> anything).

See RFC 793. It is permissible for a connection to be created between two
end points both making a connection (crossing SYN frames are both
acked). Thus if you allow such reuse it is possible (although usually
very very hard) to mount a timing based attack.

It's not a very practical attack in most scenarios so we block it out of
correctness and concerns for completely robust and proper behaviour
rather than because it is seen in the wild.

Alan
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: SO_REUSEADDR not allowing server and client to use same ..., Nebojsa Miljanovic, (Thu Mar 13, 3:18 pm)

Re: SO_REUSEADDR not allowing server and client to use same ..., Alan Cox, (Sat Mar 15, 9:34 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Andi Kleen	[PATCH x86] [6/16] Add a new arch_early_alloc() interface for x86-64
Jay L. T. Cornwall	2.6.22-rc5: pdflush oops under heavy disk load
Adrian Bunk	If you want me to quit I will quit
H. Willstrand	Re: AMD Quad Core clock problem?
git:
Pietro Mascagni	GIT vs Other: Need argument
Wink Saville	Resolving conflicts
Wink Saville	Using git with Eclipse
Toby White	Using Filemerge.app as a git-diff viewer
openbsd-misc:
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Beavis	mutiple pptp pass-through PF
Andrei Pirvan	apache 1.3.29 + PHP 5.2.6 on OpenBSD 4.4
STeve Andre'	Re: Perpetually Current
linux-netdev:
Herbert Xu	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Denys	r8169 crash
David Miller	Re: [crash] BUG: unable to handle kernel NULL pointer dereference at 0000000000000...
Jianjun Kong	[PATCH 2/6] nets: clean up net/ipv4/ipip.c raw.c tcp.c tcp_minisocks.c tcp_yeah.c ...

Latest forum posts


Calling functions from system call	12 hours ago	Linux kernel
drivers for motherboard d101ggc	19 hours ago	Linux general
Tune CFS for htpc usage to decoding HD 1080p x264 video streams	1 day ago	Linux kernel
How to write in kernel memory	1 day ago	Linux kernel
linux_wrappers.c:306: error: unknown field ‘nopage’ specified in initializer	1 day ago	Linux kernel
Packet Replay Check	1 day ago	FreeBSD
Cannot rdr from internal network to a squid proxy running on pf bridge firewall.	2 days ago	OpenBSD
Cannot compile kernel modules	2 days ago	Linux kernel
Intelligent enclosure (SES, SAF-TE) monitoring & configuration	4 days ago	Applications and Utilities
I/O operations	4 days ago	Linux kernel

Show all forums...

Recent Tags

more tags

Colocation donated by: