Bugtraq mailing list archives

Re: Multicast from hell

From: oogali () INTRANOVA NET (Omachonu Ogali)
Date: Fri, 28 Jan 2000 07:09:50 -0500


That code will only work if the receiving host has no daemon listening on
that port, you're better off with Alfred's patch.
http://www.freebsd.org/~alred/tcp_fix.diff
(I think)

Omachonu Ogali
Intranova Networking Group

On Thu, 27 Jan 2000, John Watkins wrote:

 Here is a patch for FreeBSD

--- tcp_input.c.orig    Tue Apr 20 15:09:15 1999
+++ tcp_input.c Fri Jan 21 21:53:00 2000
@@ -398,12 +398,36 @@
                            "Connection attempt to TCP %s:%d from
%s:%d\n",
                            buf, ntohs(ti->ti_dport),
inet_ntoa(ti->ti_src),
                            ntohs(ti->ti_sport));
-               }
+               } else if (tiflags & TH_ACK) {
+                       /*
+                        * Alpha code in response to stream.c
+                        * - Omachonu Ogali
+                        */
+                       char buf[4*sizeof "123"];
+
+#ifdef ICMP_BANDLIM
+                       if (badport_bandlim(1) < 0)
+                               goto drop;
+#endif
+
+                       strcpy(buf, inet_ntoa(ti->ti_dst));
+                       log(LOG_INFO,
+                           "received TCP/ACK to non existant
connection: %s:%d -> %s:%d\n",
+                           inet_ntoa(ti->ti_src), ntohs(ti->ti_sport),
buf,
ntohs(ti->ti_dport));
+
+                       /*
+                        * Drop without reset to prevent smurf-like tcp
+                        * attack
+                        */
+
+                       goto drop;
+               } else {
 #ifdef ICMP_BANDLIM
                if (badport_bandlim(1) < 0)
                        goto drop;
 #endif
                goto dropwithreset;
+               }
        }
        tp = intotcpcb(inp);
        if (tp == 0)

Current thread:

Re: S/Key & OPIE Database Vulnerability, (continued)
- - - Re: S/Key & OPIE Database Vulnerability Jordan Ritter (Jan 27)
    - Re: S/Key & OPIE Database Vulnerability Jordan Ritter (Jan 28)
    - "Strip Script Tags" in FW-1 can be circumvented Arne Vidstrom (Jan 29)
    - Re: S/Key & OPIE Database Vulnerability Brandon Palmer (Jan 27)
    - Re: S/Key & OPIE Database Vulnerability Eivind Eklund (Jan 28)
    - Multicast from hell John Watkins (Jan 27)
    - Cobalt RaQ2 - a user of mine changed my admin password.. Chuck Pitre - Technical Support (Jan 27)
    - Re: Cobalt RaQ2 - and QUBE2 Nir Simionovich (Rin Solo) (Jan 29)
    - Tempfile vulnerabilities foo (Jan 30)
    - [FreeBSD Security Advisory: FreeBSD-SA-00:02.procfs] Patrick Oonk (Jan 28)
    - Re: Multicast from hell Omachonu Ogali (Jan 28)
    - FTPPro has weird features - Fwd: Important matter for your abuse department Cedric Amand (Jan 28)
    - New SCO patches... Aaron Sigel (Jan 27)
    - Qpopper security bug Zhodiac (Jan 26)
    - Re: S/Key & OPIE Database Vulnerability Dug Song (Jan 26)
    - Microsoft Security Bulletin (MS00-006) Microsoft Product Security (Jan 26)
    - Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Mnemonix (Jan 26)
    - Re: Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Fredrik Widlund (Jan 30)
    - Re: explanation and code for stream.c issues Nathan Ollerenshaw (Jan 21)