LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Nebojsa Miljanovic <neb@alcatel-lucent.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: linux-kernel@vger.kernel.org, "Kittlitz,
	Edward (Ned)" <nkittlitz@alcatel-lucent.com>,
	asweeney@alcatel-lucent.com, "Polhemus,
	William (Bart)" <bpolhemus@alcatel-lucent.com>
Subject: Re: SO_REUSEADDR not allowing server and client to use same port
Date: Mon, 17 Mar 2008 13:17:29 -0500	[thread overview]
Message-ID: <47DEB5B9.4030905@alcatel-lucent.com> (raw)
In-Reply-To: <20080317173021.28e6fd97@core>

OK. I see. So, it would have to be some malicious application running together
with the server (i.e. on the same CPU). I do see now why you said it would be
very very hard to make this happen.

Still, it would be nice to introduce SO_REUSEPORT socket options so secure
servers (who happen to be clients as well) can re-use ports when necessary.

Another option would be to check if port re-use is happening inside same
application and allow it. That may make half of the folks happy, so I am not
sure if I like it as much as I like SO_REUSEPORT option.

Thanks,
Neb


On 3/17/2008 12:30 PM, Alan Cox wrote:
> On Mon, 17 Mar 2008 11:43:28 -0500
> Nebojsa Miljanovic <neb@alcatel-lucent.com> wrote:
> 
> 
>>Alan,
>>thanks. With that additional INFO, I was able to find detailed description of
>>this denial of service attack (attached below).
>>Just to clarify. Having this port re-use check prevents folks from launching
>>this attack as opposed to being victim of it?
> 
> 
> Different issue. I can hijack a connection.
> 
> Imagine I have a server bound to *.5000, and someone is about to connect.
> If on the server box I am able to bind and issue a connect outwards
> matching the inbound connection I will get the connection not the server.



  reply	other threads:[~2008-03-17 18:17 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-28 18:15 Nebojsa Miljanovic
2008-02-28 18:30 ` Phil Oester
2008-02-28 20:19 ` Alan Cox
2008-02-28 20:41   ` Willy Tarreau
2008-03-13 19:18   ` Nebojsa Miljanovic
2008-03-15 13:34     ` Alan Cox
2008-03-17 16:43       ` Nebojsa Miljanovic
2008-03-17 17:30         ` Alan Cox
2008-03-17 18:17           ` Nebojsa Miljanovic [this message]
2008-03-18  5:48             ` Willy Tarreau
2008-02-28 20:36 ` Willy Tarreau
2008-02-28 20:44   ` Nebojsa Miljanovic

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47DEB5B9.4030905@alcatel-lucent.com \
    --to=neb@alcatel-lucent.com \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=asweeney@alcatel-lucent.com \
    --cc=bpolhemus@alcatel-lucent.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nkittlitz@alcatel-lucent.com \
    --subject='Re: SO_REUSEADDR not allowing server and client to use same port' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).