Re: CVS commit: src

To: christos%zoulas.com@localhost
Subject: Re: CVS commit: src
From: itojun%itojun.org@localhost (Jun-ichiro itojun Hagino)
Date: Tue, 27 Apr 2004 02:06:56 +0900 (JST)

> In article <87wu43x7hm.fsf%snark.piermont.com@localhost>,
> Perry E. Metzger <perry%piermont.com@localhost> wrote:
> >
> >Jonathan Stone <jonathan%netbsd.org@localhost> writes:
> >> NOTE: This version has two potential flaws. First, I do see any code
> >> that verifies recieved TCP-MD5 signatures.
> >
> >That's not a "potential flaw" -- that makes it useless. :(
> >
> >Perry
> 
> No, it is still useful because some routers will not accept non-md5 sessions.
> So to interoperate properly the minimum we have to do is send m5 packets and
> accept m5 packets.

        i agree with perry.  if NetBSD side does not check signature
        (in fact, it does not check *the existence* of signature either)
        malicious party can throw bogus packets to NetBSD side, and tear down
        connection (or whatever).

itojun

Follow-Ups:
- Re: CVS commit: src
  - From: Christos Zoulas

References:
- Re: CVS commit: src
  - From: Christos Zoulas

Prev by Date: CVS commit: src/sbin/tunefs
Next by Date: CVS commit: src/sys/fs/smbfs
Previous by Thread: Re: CVS commit: src
Next by Thread: Re: CVS commit: src
Indexes:

Home | Main Index | Thread Index | Old Index