Protect TCP in from malicious packets #10

Open
tabascoeye opened this issue Jul 8, 2014 · 1 comment

@tabascoeye
Owner

The tcp_input() function is checking for multicast or broadcast packets and drops them because they shouldn't be processed there.

This should be extended to also drop the following potentially malicious packets:

  • suspected TCP LAND attacks (src ip == dst ip == local IP of host)
  • packets from IP src 0.0.0.0

@tabascoeye
Owner Author

In src\core\tcp_in.c, change function tcp_input():

  /* Don't even process incoming useless or malicious packets
   * - broadcasts/multicasts,
   * - suspected TCP LAND attacks (if the current interface is NOT a Loopback interface)
   * - Packets from IP source 0.0.0.0 */
  if (ip_addr_isbroadcast(&current_iphdr_dest, inp) ||
      ip_addr_ismulticast(&current_iphdr_dest) ||
      (ip_addr_cmp(&(iphdr->src), &(iphdr->dest)) &&
       ip_addr_cmp(&(iphdr->src), &(inp->ip_addr)) &&
       !ip_addr_isloopback(&(inp->ip_addr))) ||
      ip_addr_isany(&current_iphdr_src)) {
    TCP_STATS_INC(tcp.proterr);
    goto dropped;
  }
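
Added example (not part of the issue or the project's code): a stand-alone C model of the drop decision proposed above, so each condition can be exercised with concrete addresses. The `iface` struct, `tcp_segment_filter()`, the `verdict` values and the sample interfaces are hypothetical stand-ins for the stack's netif and `ip_addr_*` macros; addresses are assumed to be IPv4 in host byte order.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the netif fields the check reads.
 * All addresses are IPv4 in host byte order. */
struct iface { uint32_t addr; uint32_t netmask; };

enum verdict { ACCEPT, DROP_BROADCAST, DROP_MULTICAST, DROP_LAND, DROP_SRC_ANY };

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed sample interfaces. */
static const struct iface ETH0 = { IP4(192, 168, 1, 10), IP4(255, 255, 255, 0) };
static const struct iface LO   = { IP4(127, 0, 0, 1),    IP4(255, 0, 0, 0) };

static bool is_loopback(uint32_t ip)  { return (ip >> 24) == 127; }   /* 127.0.0.0/8 */
static bool is_multicast(uint32_t ip) { return (ip >> 28) == 0xE; }   /* 224.0.0.0/4 */

static bool is_broadcast(uint32_t ip, const struct iface *ifp) {
    uint32_t host_bits = ~ifp->netmask;
    if (ip == 0xFFFFFFFFu) return true;              /* limited broadcast */
    /* directed broadcast: on the interface's subnet with all host bits set */
    return host_bits != 0 &&
           (ip & ifp->netmask) == (ifp->addr & ifp->netmask) &&
           (ip & host_bits) == host_bits;
}

/* Same order of checks as the proposed condition in tcp_input(). */
enum verdict tcp_segment_filter(uint32_t src, uint32_t dst, const struct iface *ifp) {
    if (is_broadcast(dst, ifp)) return DROP_BROADCAST;
    if (is_multicast(dst))      return DROP_MULTICAST;
    /* LAND: src == dst == local IP, unless the receiving interface is loopback */
    if (src == dst && src == ifp->addr && !is_loopback(ifp->addr)) return DROP_LAND;
    if (src == 0)               return DROP_SRC_ANY;  /* source 0.0.0.0 */
    return ACCEPT;
}

int main(void) {
    /* src == dst == local IP on a normal interface, then on loopback */
    printf("eth0 self-addressed: %d\n", tcp_segment_filter(ETH0.addr, ETH0.addr, &ETH0));
    printf("lo   self-addressed: %d\n", tcp_segment_filter(LO.addr, LO.addr, &LO));
    return 0;
}
```

As written in the issue, the LAND condition only matches when both addresses equal the receiving interface's own IP, so a segment with src == dst set to some other address is not dropped by this check.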
