A fix is available
APAR status
Closed as program error.
Error description
An attacker may reset a TCP connection by guessing the host and receiver and the respective ports they are using.
Local fix
Problem summary
An attacker may reset a TCP connection by guessing the host and receiver and the respective ports they are using.
Problem conclusion
1) Any time a RST arrives and it does NOT have the same expected sequence number even though the sequence number is "in the window" that would be allowed, a current ACK is sent back to the peer. This will force a "challenge/response" situation that a blind attacker will not be able to penetrate. We achieve this at the expense of an extra RTT (round trip time) if the first RST is legitimate.
2) Any time a SYN segment arrives for a current connection, an ACK will be sent back (no matter what the sequence number is). This again will form a "challenge/response" since the receiver of such an ACK (after validly restarting and sending SYN) will send a RST back with the correct sequence number.
3) For the data insertion attack the following simple fix will suffice. When a data segment arrives do not accept just any ACK value. Drop any segment whose ACK is less than (snd_una - max_window).
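The three checks above as a single decision function, in an added example that is not IBM's code. The struct, enum and function names are hypothetical, dropping an out-of-window RST is assumed from standard TCP behaviour, and the sample segments are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the three checks; not the AIX implementation. */
enum verdict { ACCEPT, RESET_CONN, CHALLENGE_ACK, DROP };

struct conn {
    uint32_t rcv_nxt;    /* next sequence number expected from the peer */
    uint32_t rcv_wnd;    /* receive window size */
    uint32_t snd_una;    /* oldest unacknowledged sequence number we sent */
    uint32_t max_window; /* largest window the peer has advertised */
};
struct seg { uint32_t seq, ack; int rst, syn; };

/* Modular comparison so the checks survive 32-bit sequence wraparound. */
static int seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

static int in_window(const struct conn *c, uint32_t seq)
{
    return (uint32_t)(seq - c->rcv_nxt) < c->rcv_wnd;
}

enum verdict check_segment(const struct conn *c, const struct seg *s)
{
    if (s->rst) {
        if (s->seq == c->rcv_nxt) return RESET_CONN;    /* exact match only */
        if (in_window(c, s->seq)) return CHALLENGE_ACK; /* check 1 */
        return DROP;             /* assumption: out of window, as in plain TCP */
    }
    if (s->syn)
        return CHALLENGE_ACK;                           /* check 2: any seq */
    if (seq_lt(s->ack, c->snd_una - c->max_window))
        return DROP;                                    /* check 3: stale ACK */
    return ACCEPT;
}

int main(void)
{
    static const char *name[] = { "ACCEPT", "RESET_CONN", "CHALLENGE_ACK", "DROP" };
    struct conn c = { 1000, 500, 100000, 65535 };       /* constructed state */
    struct seg t[] = {                                  /* constructed segments */
        { 1000, 0, 1, 0 }, { 1200, 0, 1, 0 }, { 7777, 0, 0, 1 },
        { 1000, 34464, 0, 0 }, { 1000, 99000, 0, 0 },
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("seq=%u ack=%u -> %s\n", (unsigned)t[i].seq, (unsigned)t[i].ack,
               name[check_segment(&c, &t[i])]);
    return 0;
}
```

Only the RST whose sequence number equals rcv_nxt tears the connection down; an in-window guess triggers the challenge ACK instead.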
Temporary fix
Comments
APAR Information
APAR number
IY55949
Reported component name
AIX 5L POWER V5
Reported component ID
5765E6200
Reported release
520
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2004-04-20
Closed date
2004-05-07
Last modified date
2004-11-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX 5L POWER V5
Fixed component ID
5765E6200
Applicable component levels
R520 PSY U498519
UP04/11/05 I 1000
PTF to Fileset Mapping
U498519 bos.net.tcp.client 5.2.0.50
Document Information
Modified date:
05 November 2004