https://www.saddns.net/ discusses a DNS poisoning attack by leveraging network side channels by attempting to solicit ICMP_UNREACH_PORT replies. The source port number can be inferred from the rate at which ICMP_UNREACH_PORT is rate limited. The solution, as implemented on Linux, is randomize rate limiting. This patch randomizes icmplim with a modulus of a random number divided by icmplim. This patch introduces a new icmpden (ICMP denominator) which is used to calculate the modulus. An icmpden of zero disables randomization.
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Skipped - Unit
Tests Skipped - Build Status
Buildable 35114
Event Timeline
Comment Actions
This patch is significantly smaller. The difference is icmplim could be exceeded by the modulus of the divisor whereas gnn's patch uses icmplim as an upper limit.
sys/netinet/ip_icmp.c | ||
---|---|---|
1141 | Should the rest of the function use icmp_bandlim instead of V_icmplim? |