
Journal of nicholas (3034)

Friday November 06, 2009
03:32 PM

The return of the quiet time?

[ #39852 ]

We were having some fun at work, with TCP not doing what we expected. Strangely, it looks like (not confirmed) the Linux IP filter considers that a connection in FIN_WAIT_2 isn't covered by "ESTABLISHED" if the connection is going via a router, but is if it's to a machine directly connected. I say "not confirmed" because it wasn't me checking this, and this makes no sense, as what does the IP stack know about routing - that's an Ethernet level thing, surely?

Anyway, as a side effect, it threw up this rather interesting snippet on page 246 of TCP/IP Illustrated: The Protocols:

"To protect against this scenario, RFC 793 states that TCP should not create any connections for MSL seconds after rebooting. This is called the quiet time.

"Few implementations abide by this, as most hosts take longer than MSL seconds to reboot after a crash."

That's not true any more. Linux developers are working really hard to reduce the boot time. The goal is of the order of 5 seconds. That's much less than the Maximum Segment Lifetime, which the standard says is 120 seconds, but can be reduced.

So, is it exploitable? I wondered what mischief one can make by taking advantage of this...
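The quiet-time rule quoted above, modelled as an added example (not part of the original journal entry): it checks which segments left over from a pre-crash connection would still land in the receive window of a new connection on the same address and port pair, with and without the MSL wait. The function names, the segment list and the window values are constructed for illustration, and the window test is a simplified form of RFC 793's acceptability check.

```python
# Added illustration of RFC 793's quiet time. All sample values are constructed.
MSL = 120          # seconds; the Maximum Segment Lifetime figure given in the post
SEQ_MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def in_window(seq, rcv_nxt, rcv_wnd):
    """Simplified RFC 793 test: does the segment's first byte fall in the window?"""
    return (seq - rcv_nxt) % SEQ_MOD < rcv_wnd


def quiet_time_remaining(uptime, msl=MSL):
    """Seconds a host that finished booting `uptime` seconds ago should still wait."""
    return max(0, msl - uptime)


def stale_segments_accepted(old_segments, crash_to_connect, rcv_nxt, rcv_wnd, msl=MSL):
    """Return pre-crash segments that a new connection on the same 4-tuple accepts.

    old_segments: list of (seq, age_at_crash) pairs; age is seconds since sending.
    crash_to_connect: seconds from the crash until the new connection exists.
    A segment can still be delivered only while its total age is below MSL.
    """
    accepted = []
    for seq, age_at_crash in old_segments:
        still_in_network = age_at_crash + crash_to_connect < msl
        if still_in_network and in_window(seq, rcv_nxt, rcv_wnd):
            accepted.append(seq)
    return accepted


# Constructed sample: three delayed segments from the connection before the crash.
OLD_SEGMENTS = [(4294967000, 1), (500, 30), (900000, 2)]
NEW_RCV_NXT = 4294966800  # next expected sequence number on the new connection
NEW_RCV_WND = 65535       # window straddles the 32-bit wrap, so seq 500 is inside
BOOT_SECONDS = 5          # the boot-time goal mentioned in the post

if __name__ == "__main__":
    no_wait = BOOT_SECONDS
    with_wait = BOOT_SECONDS + quiet_time_remaining(0)
    for label, delay in (("connect at boot", no_wait), ("after quiet time", with_wait)):
        hits = stale_segments_accepted(OLD_SEGMENTS, delay, NEW_RCV_NXT, NEW_RCV_WND)
        print(f"{label}: {delay}s after crash, stale segments accepted: {hits}")
```
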
