LKML Archive on
help / color / mirror / Atom feed
From: Nebojsa Miljanovic <>
To: Alan Cox <>
Cc:, "Kittlitz,
	Edward (Ned)" <>,, "Polhemus,
	William (Bart)" <>
Subject: Re: SO_REUSEADDR not allowing server and client to use same port
Date: Mon, 17 Mar 2008 13:17:29 -0500	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <20080317173021.28e6fd97@core>

OK. I see. So, it would have to be some malicious application running together
with the server (i.e. on the same CPU). I do see now why you said it would be
very very hard to make this happen.

Still, it would be nice to introduce SO_REUSEPORT socket options so secure
servers (who happen to be clients as well) can re-use ports when necessary.

Another option would be to check if port re-use is happening inside same
application and allow it. That may make half of the folks happy, so I am not
sure if I like it as much as I like SO_REUSEPORT option.


On 3/17/2008 12:30 PM, Alan Cox wrote:
> On Mon, 17 Mar 2008 11:43:28 -0500
> Nebojsa Miljanovic <> wrote:
>>thanks. With that additional INFO, I was able to find detailed description of
>>this denial of service attack (attached below).
>>Just to clarify. Having this port re-use check prevents folks from launching
>>this attack as opposed to being victim of it?
> Different issue. I can hijack a connection.
> Imagine I have a server bound to *.5000, and someone is about to connect.
> If on the server box I am able to bind and issue a connect outwards
> matching the inbound connection I will get the connection not the server.

  reply	other threads:[~2008-03-17 18:17 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-28 18:15 Nebojsa Miljanovic
2008-02-28 18:30 ` Phil Oester
2008-02-28 20:19 ` Alan Cox
2008-02-28 20:41   ` Willy Tarreau
2008-03-13 19:18   ` Nebojsa Miljanovic
2008-03-15 13:34     ` Alan Cox
2008-03-17 16:43       ` Nebojsa Miljanovic
2008-03-17 17:30         ` Alan Cox
2008-03-17 18:17           ` Nebojsa Miljanovic [this message]
2008-03-18  5:48             ` Willy Tarreau
2008-02-28 20:36 ` Willy Tarreau
2008-02-28 20:44   ` Nebojsa Miljanovic

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \
    --subject='Re: SO_REUSEADDR not allowing server and client to use same port' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).