RE: PAWS security vulnerability

From: Ted Mittelstaedt (tedm_at_toybox.placo.com)
Date: 05/19/05

    To: "Tim Traver" <tt-list@simplenet.com>, "bsd" <freebsd-questions@freebsd.org>
    Date: Thu, 19 May 2005 12:05:08 -0700
    
    

    Hi Tim,

      Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been
    rewritten for FreeBSD 4.11. YMMV. If it works, I would submit it to the
    FreeBSD security list. The only change I made is that OpenBSD defines
    "tiflags" where FreeBSD defines "thflags"; I assume they are the same
    thing. The file is in /usr/src/sys/netinet

    Turning off the timestamps would be a good way to make your network go slow.

    *** tcp_input.c.original Thu May 19 11:52:30 2005
    --- tcp_input.c Thu May 19 12:00:14 2005
    ***************
    *** 976,984 ****
    --- 976,992 ----
                     * record the timestamp.
                     * NOTE that the test is modified according to the latest
                     * proposal of the tcplw@cray.com list (Braden
    1993/04/26).
    + * NOTE2 additional check added as a result of PAWS
    vulnerability
    + * documented in Cisco security notice
    cisco-sn-20050518-tcpts
    + * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
                     */
                    if ((to.to_flags & TOF_TS) != 0 &&
                        SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
    + if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen
    +
    + ((thflags & (TH_SYN|TH_FIN)) != 0)))
    + tp->ts_recent = to.to_tsval;
    + else
    + tp->ts_recent = 0;
                            tp->ts_recent_age = ticks;
                            tp->ts_recent = to.to_tsval;
                    }
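
    Review bot: the unchanged context line `tp->ts_recent = to.to_tsval;` that follows `tp->ts_recent_age = ticks;` still runs unconditionally after the added if/else, so whatever the new check assigns, including the `tp->ts_recent = 0` branch, is overwritten immediately and the added test has no effect. The hunk header (976,984 becoming 976,992) shows that lines are only added and none removed, so that assignment needs to be deleted as part of this change, leaving the update of ts_recent to the new `if` branch alone. It is also worth confirming against the FreeBSD 4.11 source that `thflags` and `tlen` carry the same meaning at this point in tcp_input.c as the OpenBSD names they replace, since the message states that equivalence as an assumption.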

    Ted

    > -----Original Message-----
    > From: owner-freebsd-questions@freebsd.org
    > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Tim Traver
    > Sent: Thursday, May 19, 2005 10:09 AM
    > To: bsd
    > Subject: PAWS security vulnerability
    >
    >
    > Hi all,
    >
    > OK, this article was just published about a PAWS TCP DOS vulnerability,
    > and lists FreeBSD 4.x as affected.
    >
    > http://www.securityfocus.com/bid/13676/info/
    >
    > Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x?
    >
    > And is 5.4 affected too?
    >
    > Tim.
    >
    > _______________________________________________
    > freebsd-questions@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to
    > "freebsd-questions-unsubscribe@freebsd.org"
    >
