host unreach bug (was:Re: UnixWare)

Carl Corey (ccdes@ccdes.princeton.nj.us)
Thu, 28 Apr 1994 09:36:05 -0500

>Item: Many older systems, and at least one quite recent Ultrix version,
>are vulnerable to a denial-of-service attack that is often duplicated
>without malicious intent by firewalls: on receiving a single host
>unreachable, they summarily shut down all connections to that host;
>some may also do this for net unreachables, but I don't know.

I believe this was fixed in 4.3 - as when I was trying out tcpwrapper I did
whatever test they gave to find out if the bug existed, and it seemed to be
fixed.  

Ok, just read this from Wietse:  The bug is that the kernel doesn't pay
attention to the port numbers of the ICMP UNREACH and therefore nukes all
connections between the hosts.  The bug is present in the NET/1
distributions but fixed in NET/2.  It is present in Ultrix 4.3 but fixed
with CXO-8919.  I believe that we were running Ultrix 4.3a, which most
likely included the patch.
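As an added illustration of the bug Wietse describes (this is example code written for this page, not anything from the original post, Ultrix, or the BSD NET/1 and NET/2 sources), the block below parses a constructed ICMP Destination Unreachable message, pulls the TCP port numbers out of the quoted datagram, and contrasts a NET/1-style match that tears down every connection to the remote host with a NET/2-style match on the full address/port 4-tuple. The addresses, ports, connection table and packet bytes are all constructed; the quoted datagram is assumed to be TCP and the checksums are left at zero since nothing here goes on the wire.

```python
"""Added example (not part of the original mailing-list post): parse an ICMP
Destination Unreachable message and decide which TCP connections it may
affect, contrasting the NET/1-style per-host match described in the post
with the NET/2-style match on the quoted port numbers.
All addresses, ports and packet bytes below are constructed for illustration.
"""
import socket
import struct
from typing import NamedTuple

ICMP_DEST_UNREACH = 3   # ICMP type for Destination Unreachable (RFC 792)
IPPROTO_TCP = 6


class Quoted(NamedTuple):
    """The connection identified by the datagram quoted inside the ICMP error.
    The quoted datagram was sent by the local host, so its source is local."""
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    code: int


def parse_icmp_unreach(icmp: bytes):
    """Return the Quoted tuple for a TCP datagram quoted in an ICMP
    Destination Unreachable message, or None if it is not one."""
    if len(icmp) < 8 + 20 + 8:           # ICMP header + minimal IP header + 8 bytes
        return None
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != ICMP_DEST_UNREACH:
        return None
    inner = icmp[8:]                     # quoted IP header + first 8 bytes of payload
    ihl = (inner[0] & 0x0F) * 4          # inner header length in bytes
    if len(inner) < ihl + 8 or inner[9] != IPPROTO_TCP:
        return None
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])  # TCP ports
    return Quoted(src, sport, dst, dport, code)


def affected_net1(conns, q):
    """NET/1-style (the bug): every connection to the remote host is hit,
    because the port numbers in the quoted datagram are ignored."""
    return [c for c in conns if c[2] == q.remote_ip]


def affected_net2(conns, q):
    """NET/2-style (fixed): only the connection whose 4-tuple matches the
    addresses and ports quoted in the ICMP error is affected."""
    key = (q.local_ip, q.local_port, q.remote_ip, q.remote_port)
    return [c for c in conns if c == key]


def make_icmp_unreach(code, local_ip, local_port, remote_ip, remote_port):
    """Build a constructed ICMP Destination Unreachable message quoting a
    TCP datagram from local -> remote (checksums left zero for this demo)."""
    inner_ip = struct.pack("!BBHHHBBH4s4s",
                           0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                           socket.inet_aton(local_ip), socket.inet_aton(remote_ip))
    inner_tcp = struct.pack("!HHI", local_port, remote_port, 0)  # ports + seq number
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + inner_ip + inner_tcp


# Constructed connection table: (local_ip, local_port, remote_ip, remote_port)
CONNS = [
    ("10.0.0.5", 1024, "192.0.2.9", 23),
    ("10.0.0.5", 1025, "192.0.2.9", 25),
    ("10.0.0.5", 1026, "192.0.2.9", 513),
    ("10.0.0.5", 1027, "198.51.100.7", 23),
]


def demo():
    """A firewall answers one outbound segment (1026 -> 513) with code 1,
    host unreachable; return what each kernel style would tear down."""
    msg = make_icmp_unreach(1, "10.0.0.5", 1026, "192.0.2.9", 513)
    q = parse_icmp_unreach(msg)
    return affected_net1(CONNS, q), affected_net2(CONNS, q)


if __name__ == "__main__":
    old, new = demo()
    print("NET/1-style kernel would drop:", old)
    print("NET/2-style kernel drops:", new)
```

Running it shows the per-host match dropping all three connections to 192.0.2.9, including the unrelated telnet and SMTP sessions, while the port-aware match touches only the one connection the firewall actually rejected.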