> In the news, there's mention of a TCP vulnerability that may impact LEAF. Apologies if this is not relevant to us.
This vulnerability is 3 years old. Linux was patched even then, so LEAF is ok :).
Any way you could expand on this, Peter? (Or anyone else?)
As I read the more technical summaries, the underlying vulnerability itself is extremely old but hard to exploit in practice. What's (relatively) new is that the interaction of the vulnerability itself with the relatively recent ability to set the TCP window (the receive buffer) to be as large as a gigabyte makes systems that actually use very large TCP windows vulnerable in practical terms. (That's why the focus is on BGP; apparently many high-capacity routers running BGP use very large receive buffers.)
Older fixes -- the most common one is using a good randomizer to pick the starting Sequence Identifier and randomizing source-port selection -- do not address the new vulnerability. Keeping the receive buffer smaller does reduce the risk, by a lot.
So ... does Linux restrict the TCP window to a relatively safe size? (Most likely it does; even 64 KB, the old maximum, is quite safe.) Does it actually refuse to accept RST instructions unless the accompanying Sequence Identifier is the *exact* value expected? (I'm not even sure if this is in-spec for a TCP stack.) Does it do something else?
Or am I misunderstanding all of this stuff in some fundamental way?
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
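The window-size trade-off discussed in the message above, as an added example (not part of the original thread and not Linux's actual code): a simplified receiver-side model of the RFC 793 rule that a RST is acceptable when its sequence number falls anywhere in the receive window, next to the exact-match policy the message asks about. The function names and the sample window sizes are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 793 style check: the RST's sequence number must lie in
 * [rcv_nxt, rcv_nxt + rcv_wnd). Unsigned subtraction makes the test
 * correct across 32-bit sequence wraparound. With a zero window only
 * rcv_nxt itself is acceptable. */
static int rst_in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (rcv_wnd == 0)
        return seq == rcv_nxt;
    return (uint32_t)(seq - rcv_nxt) < rcv_wnd;
}

/* Stricter policy raised in the message: honour a RST only when the
 * sequence number is exactly the next one expected. */
static int rst_exact(uint32_t seq, uint32_t rcv_nxt)
{
    return seq == rcv_nxt;
}

/* Exposure metric: how many evenly spaced sequence values are enough to
 * guarantee one falls inside the window, i.e. ceil(2^32 / window).
 * A larger receive window means a smaller number, hence more risk. */
static uint64_t worst_case_guesses(uint32_t rcv_wnd)
{
    const uint64_t space = 1ULL << 32;
    uint64_t w = rcv_wnd ? rcv_wnd : 1;   /* zero window behaves like exact match */
    return (space + w - 1) / w;
}

int main(void)
{
    /* Constructed sample windows: 16 KB, the old 64 KB maximum, 1 MB, 1 GB. */
    const uint32_t windows[] = { 16384u, 65536u, 1u << 20, 1u << 30 };
    const uint32_t rcv_nxt = 0xFFFFFFF0u;  /* constructed value near wraparound */

    for (size_t i = 0; i < sizeof windows / sizeof windows[0]; i++)
        printf("window %10u bytes -> %llu values cover the sequence space\n",
               windows[i], (unsigned long long)worst_case_guesses(windows[i]));

    /* A RST 0x20 bytes past rcv_nxt (after wraparound) passes the window
     * check but fails the exact-match check. */
    printf("in-window: %d, exact: %d\n",
           rst_in_window(0x00000010u, rcv_nxt, 65536u),
           rst_exact(0x00000010u, rcv_nxt));
    return 0;
}
```

With the exact-match policy the figure is the full 2^32 regardless of window size, which is why it removes the dependence on the receive buffer.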
