Multiple Vendor TCP Timestamp PAWS Remote Denial Of Service Vulnerability

A denial-of-service vulnerability exists in implementations of the TCP extensions for high performance defined in RFC 1323. The issue resides in the Protection Against Wrapped Sequence Numbers (PAWS) mechanism, which RFC 1323 added so that old duplicate segments are not misinterpreted as fresh data when large windows cause the 32-bit sequence number space to wrap quickly.

When TCP 'timestamps' are enabled, both hosts at the endpoints of a TCP connection employ internal clocks to mark TCP headers with a 'timestamp' value.

When PAWS is in use, the receiver keeps, per connection, the most recent timestamp value it has accepted (TS.Recent in RFC 1323) and discards any arriving segment whose timestamp is older than that value. This per-connection state is what exposes PAWS implementations to a denial-of-service attack.

The issue manifests if an attacker transmits a crafted TCP segment for an established connection to a vulnerable host. The attacker sets a very large timestamp value in the segment's timestamp option (large enough to be far in the future, but still within 2^31 of the current TS.Recent so that the segment itself passes the PAWS check). When the target processes this segment, it records the attacker-supplied value as TS.Recent for that connection. All valid segments from the legitimate peer that arrive after the attack are then dropped, because their smaller timestamps make them appear to be old or wrapped duplicates. This effectively denies service for the targeted connection. To carry out the attack, the attacker must know the connection's addresses and ports and must supply a sequence number the target accepts, as with other blind injection attacks against established TCP connections.
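The following is an added example and is not code from the advisory or from any affected vendor. It is a small receive-side model of the PAWS rules from RFC 1323 section 4.2.1: rule R1 drops segments whose TSval is older than TS.Recent, and rule R3 records a segment's TSval in TS.Recent only if SEG.SEQ <= Last.ACK.sent. The model shows how one spoofed segment with a huge TSval poisons TS.Recent so the legitimate peer's later segments are dropped, how enforcing the R3 precondition limits the attack to segments that land exactly on the next expected byte, and that an attacker who does guess that byte still succeeds. Class and function names (PawsReceiver, deliver, run_attack), the simplified window handling (no sequence-number wrap, immediate ACK of all data) and the sample timestamps and sequence numbers are constructed for illustration.

```python
"""Added example: a minimal model of the RFC 1323 PAWS receive path.

Not vendor code. Sequence numbers are plain integers (no wrap) and the
receiver is modelled as acknowledging everything immediately, so
Last.ACK.sent == RCV.NXT. Timestamps are compared modulo 2^32 as RFC 1323
requires.
"""
from dataclasses import dataclass, field

MASK32 = 0xFFFFFFFF


def ts_before(a: int, b: int) -> bool:
    """True if 32-bit timestamp a is older than b (signed 32-bit difference < 0)."""
    return ((a - b) & MASK32) > 0x7FFFFFFF


@dataclass
class Segment:
    seq: int            # sequence number of the first payload byte
    tsval: int          # TSval carried in the TCP timestamp option
    payload: bytes = b""


@dataclass
class PawsReceiver:
    rcv_nxt: int                # next byte the receiver expects
    rcv_wnd: int                # receive window size
    ts_recent: int              # TS.Recent: last timestamp recorded
    enforce_r3: bool = True     # apply R3's SEG.SEQ <= Last.ACK.sent precondition
    last_ack_sent: int = field(init=False)
    accepted: list = field(default_factory=list)

    def __post_init__(self) -> None:
        self.last_ack_sent = self.rcv_nxt

    def deliver(self, seg: Segment) -> str:
        # R1: a segment whose TSval is older than TS.Recent is treated as an
        # old duplicate and discarded (a real stack would still send an ACK).
        if ts_before(seg.tsval, self.ts_recent):
            return "drop:paws"
        # Simplified RFC 793 acceptability test: first byte must be inside the window.
        if not (self.rcv_nxt <= seg.seq < self.rcv_nxt + self.rcv_wnd):
            return "drop:out-of-window"
        # R3: record TSval. A naive implementation does this for every acceptable
        # segment; RFC 1323 also requires SEG.SEQ <= Last.ACK.sent (in-order data).
        if not self.enforce_r3 or seg.seq <= self.last_ack_sent:
            self.ts_recent = seg.tsval
        if seg.seq == self.rcv_nxt:
            self.accepted.append(seg.payload)
            self.rcv_nxt += len(seg.payload)
            self.last_ack_sent = self.rcv_nxt  # immediate ACK model
            return "accept"
        return "queued"  # in-window but out of order: held for reassembly


def run_attack(enforce_r3: bool, attacker_seq: int) -> dict:
    """Constructed scenario: the legitimate peer sends 100-byte segments with
    TSval ticking 1000, 1001, 1002; between the first and second, the attacker
    injects one spoofed segment with TSval 0x7FFF0000 (far in the future, but
    less than 2^31 ahead of TS.Recent, so it passes R1) at sequence attacker_seq.
    Returns the verdict for each segment plus the final TS.Recent."""
    rx = PawsReceiver(rcv_nxt=5000, rcv_wnd=65535, ts_recent=999, enforce_r3=enforce_r3)
    out = {}
    out["legit1"] = rx.deliver(Segment(5000, 1000, b"A" * 100))
    out["attack"] = rx.deliver(Segment(attacker_seq, 0x7FFF0000, b"X" * 100))
    out["legit2"] = rx.deliver(Segment(5100, 1001, b"B" * 100))
    out["legit3"] = rx.deliver(Segment(5200, 1002, b"C" * 100))
    out["ts_recent"] = rx.ts_recent
    return out


if __name__ == "__main__":
    # Naive receiver: any in-window segment updates TS.Recent -> connection poisoned.
    print("naive, blind guess  :", run_attack(False, attacker_seq=9100))
    # R3 enforced: a blind in-window guess no longer updates TS.Recent.
    print("R3,    blind guess  :", run_attack(True, attacker_seq=9100))
    # R3 enforced but the attacker hits RCV.NXT exactly: still poisoned.
    print("R3,    exact RCV.NXT:", run_attack(True, attacker_seq=5100))
```

The R3 precondition does not make the attack impossible; it raises the bar to that of blind in-order data injection (the attacker must hit RCV.NXT exactly rather than anywhere in the window), which is why vendor fixes also tightened how far a single segment may advance TS.Recent.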


Copyright 2010, SecurityFocus