lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170505.120043.1050625612733133272.davem@davemloft.net> Date: Fri, 05 May 2017 12:00:43 -0400 (EDT) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: fw@...len.de, netdev@...r.kernel.org, ycheng@...gle.com Subject: Re: [PATCH v3 net] tcp: randomize timestamps on syncookies From: Eric Dumazet <eric.dumazet@...il.com> Date: Fri, 05 May 2017 06:56:54 -0700 > From: Eric Dumazet <edumazet@...gle.com> > > Whole point of randomization was to hide server uptime, but an attacker > can simply start a syn flood and TCP generates 'old style' timestamps, > directly revealing server jiffies value. > > Also, TSval sent by the server to a particular remote address vary > depending on syncookies being sent or not, potentially triggering PAWS > drops for innocent clients. > > Lets implement proper randomization, including for SYNcookies. > > Also we do not need to export sysctl_tcp_timestamps, since it is not > used from a module. > > In v2, I added Florian feedback and contribution, adding tsoff to > tcp_get_cookie_sock(). > > v3 removed one unused variable in tcp_v4_connect() as Florian spotted. > > Fixes: 95a22caee396c ("tcp: randomize tcp timestamp offsets for each connection") > Signed-off-by: Eric Dumazet <edumazet@...gle.com> > Reviewed-by: Florian Westphal <fw@...len.de> > Tested-by: Florian Westphal <fw@...len.de> Applied and queued up for -stable, thanks Eric.
Powered by blists - more mailing lists