Bug 206945 - aaa
Summary: aaa
Status: RESOLVED DUPLICATE of bug 1
Alias: None
Product: Networking
Classification: Unclassified
Component: IPV4 (show other bugs)
Hardware: All Linux
: P1 high
Assignee: Stephen Hemminger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-25 08:49 UTC by fengxw18
Modified: 2020-03-25 09:15 UTC (History)
0 users

See Also:
Kernel Version: since kernel 3.9
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description fengxw18 2020-03-25 08:49:38 UTC 
Through sending a forged ICMP "Fragmentation Needed" message to the Linux host,
an off-path attacker can clear the DF (Don't Fragment) flag in IP header, thus
downgrading the IPID assignment for TCP datagrams from the more secure per-socket
based counter to hash based counter (since kernel version 3.9). Then the attacker
can detect a shared IPID counter via hash collisions, which forms a side-channel.
By observing the side channel, the attacker can hijack TCP connections on
the vulnerable Linux host completely off-path.
Comment 1 fengxw18 2020-03-25 09:15:34 UTC 

*** This bug has been marked as a duplicate of bug 1 ***
Note You need to log in before you can comment on or make changes to this bug.