Contributed by grey on from the world is not coming to an end, but patch anyway dept.
This patch is in response to Paul Watson's presentation from CanSecWest 2004, and we mentioned the problem in a previous story.
The erratum for this issue is posted here for 3.5 and here for 3.4, where you can find FTP links to the patches in question.
As Theo de Raadt commented from the audience during the Q&A session of Paul's presentation, OpenBSD's TCP stack is already rather robust against some of the problems Paul presented, thanks in part to OpenBSD's prevalent use of random port numbers, random ISNs and so on. This new patch adds additional paranoia.
If you are interested in reading more about the presentation to which this patch responds, there is a mirrored copy of Watson's PowerPoint presentation available here and a copy of Watson's original MS Word file here. Each cites various additional references to similar research at the end.
Naturally, Theo was not alone in raising good points during the CanSecWest Q&A session. Mike Schiffman also pointed out another valuable reference on similar material that is not included in Watson's citations. The reference Schiffman mentioned should be of particular interest to undeadly readers who have not already read it: Tim Newsham's 2001 paper (in PDF format), The Problem With Random Increments. In Newsham's paper, OpenBSD's TCP stack implementation (circa 2.8) is featured prominently in a comparison of how several different TCP stacks measured up when subjected to techniques in the same vein as those Watson described.