OpenBSD Journal

TCP Reliability fix for 3.5 and 3.4

Contributed by grey on from the world is not coming to an end, but patch anyway dept.

Thanks to Brad Smith for pointing out that there was a reliability fix committed to OpenBSD 3.5-stable & 3.4-stable on May 6th, 2004. From the patch description, this fix makes the following change to OpenBSD's TCP stack implementation: "Reply to in-window SYN with a rate-limited ACK."
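As an added illustration (not the OpenBSD kernel code or the patch itself), the following C model shows what "reply to in-window SYN with a rate-limited ACK" means for an established connection: a segment carrying SYN whose sequence number lands inside the receive window is answered with an ACK rather than the RFC 793 response of resetting the connection, and those ACKs are capped per second so a host cannot be made to emit them without bound. The window size, sequence numbers and the 100-per-second cap are constructed values, and out-of-window handling is not modelled.

```c
#include <stdint.h>
#include <stdbool.h>

/* Simplified model of in-window SYN handling in ESTABLISHED after the
 * May 2004 fix (added example, not OpenBSD's tcp_input()). */

#define SYN         0x02
#define ACK_PER_SEC 100     /* constructed rate limit */

enum action { DELIVER, DROP, SEND_ACK, DROP_RATELIMITED };

struct tcb {
    uint32_t rcv_nxt;       /* next sequence number we expect */
    uint32_t rcv_wnd;       /* bytes we are currently willing to accept */
    uint32_t lim_sec;       /* second in which the ACK counter was reset */
    uint32_t lim_count;     /* ACKs already sent in that second */
};

struct seg { uint32_t seq; uint8_t flags; };

/* Unsigned subtraction makes this correct across 32-bit wraparound. */
static bool in_window(const struct tcb *t, uint32_t seq)
{
    return (uint32_t)(seq - t->rcv_nxt) < t->rcv_wnd;
}

/* Fixed-window limiter: at most ACK_PER_SEC replies per wall-clock second. */
static bool ack_allowed(struct tcb *t, uint32_t now_sec)
{
    if (t->lim_sec != now_sec) { t->lim_sec = now_sec; t->lim_count = 0; }
    return t->lim_count++ < ACK_PER_SEC;
}

enum action tcp_input(struct tcb *t, const struct seg *s, uint32_t now_sec)
{
    if (!in_window(t, s->seq))
        return DROP;            /* outside the window: not modelled further */
    if (s->flags & SYN)         /* in-window SYN: keep the connection, ACK it */
        return ack_allowed(t, now_sec) ? SEND_ACK : DROP_RATELIMITED;
    return DELIVER;             /* ordinary in-window data */
}

/* Feed n in-window SYNs to a fresh connection within one second and count
 * how many are answered; demonstrates the cap. */
int acks_for_syns(int n, uint32_t now_sec)
{
    struct tcb t = { .rcv_nxt = 1000, .rcv_wnd = 4096 };
    struct seg syn = { .seq = 1500, .flags = SYN };
    int acked = 0;
    for (int i = 0; i < n; i++)
        if (tcp_input(&t, &syn, now_sec) == SEND_ACK) acked++;
    return acked;
}
```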

This patch is in response to Paul Watson's presentation from CanSecWest 2004, and we mentioned the problem in a previous story.

The erratum for this issue is posted here for 3.5 and here for 3.4 where you can find ftp links to the patches in question.

As Theo de Raadt commented from the audience during the Q&A session of Paul's presentation, OpenBSD's TCP stack is already rather robust against some of the problems Paul presented, thanks in part to OpenBSD's prevalent use of random port numbers, random ISNs and so on. This new patch adds additional paranoia.

If you are interested in reading more about the presentation to which this patch is a response, there is a mirrored copy of Watson's PowerPoint presentation available here and a copy of Watson's original MS Word file here. In each you will find various additional references to similar research cited at the end.

Naturally, Theo was not alone in raising good points during the CanSecWest Q&A session. Mike Shiffman also pointed out another valuable reference on similar material not included in Watson's citations. The reference Shiffman mentioned should be of particular interest to undeadly readers if you have not already read it - namely, Tim Newsham's 2001 paper (in PDF format) The Problem With Random Increments. In Newsham's paper, OpenBSD's TCP stack implementation (circa 2.8) is featured prominently in a comparison of how several different TCP stacks measured up when subjected to techniques in the same vein as those Watson described.

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]