| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110401082049.03c59625@asmara>
Date: Fri, 1 Apr 2011 08:20:49 +0200
From: Florian Adamsky <florian-netdev@...msky.it>
To: Netdev <netdev@...r.kernel.org>
Subject: Duplicated Acknowledgments
Dear Kernel-Hackers,
I'm a security researcher and want to try out the opt-ack and lazy
opt-ack attack with different congestion avoidance systems and under
different environments. At first I want to dedicate myself to the lazy
opt-ack attack. For those of you how are not familiar with it: the
attacker has an modified TCP/IP stack which doesn't send any duplicated
acknowledgements. If the receiver is in slow start and doesn't get any
duplicated ack, he will introduce more and more packets into the
network. [1]
I'm not a kernel hacker but I know a litte bit of C. So I found the
function "tcp_send_dupack()". Additionally I wrote a sysctl for it to
activate and deactivate this behaviour. After trying this out I don't
get the expected results. I start to analyze my pcap file with tcptrace
and it says the attacker sends 22 duplicated acks. Attached you'll find
my changes on the code I made. I want to be absolutely sure that I
don't miss anything, so is there any other place in the source I have
to modify?
Thank you very much in advance. Btw I know that window updates are
looking like duplicated acks, I only want to be sure that the kernel is
not sending any duplicated acks.
Best wishes,
Florian
[1] http://www.cs.umd.edu/~capveg/optack/optack-extended.pdf
--- /home/cit/linux-source-2.6.35/include/net/tcp.h 2011-03-01
15:40:39.000000000 +0100 +++ include/net/tcp.h 2011-03-25
22:57:08.403570245 +0100 @@ -205,6 +205,7 @@
extern int sysctl_tcp_timestamps;
extern int sysctl_tcp_window_scaling;
extern int sysctl_tcp_sack;
+extern int sysctl_tcp_send_dupack;
extern int sysctl_tcp_fin_timeout;
extern int sysctl_tcp_keepalive_time;
extern int sysctl_tcp_keepalive_probes;
--- /home/cit/linux-source-2.6.35/net/ipv4/sysctl_net_ipv4.c
2010-08-02 00:11:14.000000000 +0200 +++
net/ipv4/sysctl_net_ipv4.c 2011-03-25 22:44:32.687914571 +0100
@@ -141,6 +141,13 @@ .mode = 0644,
.proc_handler = proc_dointvec
},
+ {
+ .procname = "tcp_send_dupack",
+ .data = &sysctl_tcp_send_dupack,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec
+ },
{
.procname = "tcp_retrans_collapse",
.data = &sysctl_tcp_retrans_collapse,
--- /home/cit/linux-source-2.6.35/net/ipv4/tcp_input.c
2011-03-01 15:40:39.000000000 +0100 +++ net/ipv4/tcp_input.c
2011-03-25 22:16:21.045352995 +0100 @@ -76,6 +76,7 @@
int sysctl_tcp_timestamps __read_mostly = 1;
int sysctl_tcp_window_scaling __read_mostly = 1;
int sysctl_tcp_sack __read_mostly = 1;
+int sysctl_tcp_send_dupack __read_mostly = 1;
int sysctl_tcp_fack __read_mostly = 1;
int sysctl_tcp_reordering __read_mostly = TCP_FASTRETRANS_THRESH;
int sysctl_tcp_ecn __read_mostly = 2;
@@ -5154,7 +5155,8 @@
tcp_paws_discard(sk, skb)) {
if (!th->rst) {
NET_INC_STATS_BH(sock_net(sk),
LINUX_MIB_PAWSESTABREJECTED);
- tcp_send_dupack(sk, skb);
+ if (sysctl_tcp_send_dupack)
+ tcp_send_dupack(sk, skb);
goto discard;
}
/* Reset is accepted even if it did not pass PAWS. */
@@ -5169,7 +5171,8 @@
* bit is set, if so drop the segment and return)".
*/
if (!th->rst)
- tcp_send_dupack(sk, skb);
+ if (sysctl_tcp_send_dupack)
+ tcp_send_dupack(sk, skb);
goto discard;
}
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists