lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 8 Oct 2008 19:07:39 +0200
From:	Willy Tarreau <>
To:	David Miller <>
Subject: Re: [PATCH] add a sysctl to disable TCP simultaneous connection opening

On Wed, Oct 08, 2008 at 09:42:12AM -0700, David Miller wrote:
> I'm not really interested in applying this.


> You can make the same argument for just about any queer corner case
> aspect of TCP.

Not exactly since there are very few corner cases not conditionned by
guessing a 32-bit sequence number, and this one certainly is.

> The world hasn't ended even though this patch hasn't applied since
> 2005

Oh don't take me wrong. I'm pretty much convinced this is not critical at
all. It's just that it's a tempting attack vector for an easy DoS proof
of concept relying on a feature not even usable today.

> and that's a good argument to not apply "yet another random knob"
> to the kernel.

OK for the random knob. If you feel comfortable with a patch to simply remove
the feature, I can send you such a patch too. BTW, the strange netstat output
I got also shows that the code paths involved to support this feature are not
much exercised, which would be another argument to disable it.

Anyway, I'm not trying to put any pressure. I can continue to live with the
ifdef patch in my trees. I just wanted to get your opinion on this one since
the discussion I initiated about it in 2005 brought to nowhere.


To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists