On 5/17/07, Mike C <smith.not.western@xxxxxxxxx> wrote:
I am using an iptables 1.3.5-based setup and wonder if there are any tools or techniques available to prevent or mitigate the TCP RST spoofing issue (http://osvdb.org/displayvuln.php?osvdb_id=4030)
I just realised that I posted the wrong issue. The one I am referring to is where a third party sends a RST with a sequence number less than the current window, which is still treated as a valid RST by the end point.
From http://www.securityfocus.com/archive/1/361009 - "the 4.4BSD stack from which NetBSD's stack is derived, did not even check that a RST's sequence number was inside the window. RSTs anywhere to the left of the window were treated as valid."

I should outline my situation a bit more. I have a firewall that I want to prevent passing illegal RST packets to an inside host. In my case the host is patched against this issue, but this may not always be the case, so I need to stop the invalid resets from traversing the firewall in the first place.

Regards,
Mike
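Added example, not code from this thread, from NetBSD or from netfilter: it models the two RST acceptance rules the quoted advisory contrasts (the unpatched 4.4BSD "anywhere left of the window" rule and the patched in-window rule) and shows the verdict a window-tracking firewall in front of the inside host would give. The connection state and RST sequence numbers are constructed; the policy names are this example's own.

```python
# Added example, not code from the thread or from any TCP stack or firewall:
# it models the two RST acceptance rules the quoted advisory contrasts, using
# RFC 793 modular sequence-number comparison so window wraparound is handled.
SEQ_MASK = 0xFFFFFFFF


def seq_diff(a, b):
    """Signed 32-bit distance from b to a: negative means a is 'left of' b."""
    d = (a - b) & SEQ_MASK
    return d - (1 << 32) if d & 0x80000000 else d


def rst_accepted(policy, seq, rcv_nxt, rcv_wnd):
    """Decide whether a RST with sequence number `seq` is valid for a connection
    whose receiver expects `rcv_nxt` and advertises a window of `rcv_wnd` bytes.

    "bsd44_unpatched": the behaviour the advisory describes; a RST anywhere to
                       the left of the window is treated as valid.
    "in_window":       the patched check; the RST must land inside the window.
    (Policy names are this example's own, not a stack's configuration keys.)
    """
    d = seq_diff(seq, rcv_nxt)
    if policy == "bsd44_unpatched":
        return d < rcv_wnd            # no lower bound: left-of-window accepted
    if policy == "in_window":
        return 0 <= d < rcv_wnd
    raise ValueError("unknown policy: %r" % policy)


def firewall_verdicts(rcv_nxt, rcv_wnd, rst_seqs):
    """Return {seq: verdict} for RSTs seen by a stateful firewall that tracks the
    inside host's receive window: FORWARD only in-window RSTs, DROP the rest."""
    return {s: ("FORWARD" if rst_accepted("in_window", s, rcv_nxt, rcv_wnd) else "DROP")
            for s in rst_seqs}


if __name__ == "__main__":
    # Constructed connection state near the 32-bit wrap so the modular compare matters.
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 0x1000
    # Constructed RSTs: exact, inside (after wrap), left of window, right of window.
    for seq in (0xFFFFFF00, 0x00000010, 0xFFFFF000, 0x00000F00):
        print("seq=%08x bsd44=%s in_window=%s" % (
            seq,
            rst_accepted("bsd44_unpatched", seq, rcv_nxt, rcv_wnd),
            rst_accepted("in_window", seq, rcv_nxt, rcv_wnd)))
```

Netfilter's TCP connection tracking applies the same in-window check and marks segments that fail it as INVALID, so dropping INVALID-state packets on the FORWARD chain (with the tcp_be_liberal sysctl left at its default of off) keeps such resets from reaching the inside host.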