Diffusion FreeBSD src repository 923c223f27e7

icmp: use per rate limit randomized jitter
923c223f27e7
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

icmp: use per rate limit randomized jitter

Using the same random jitter for multiple rate limits allows an
attacker to use one rate limiter to figure out the current jitter
and then use this knowledge to de-randomize the other rate limiters.
This can be mitigated by using a separate randomized jitter for each
rate limiter.
This issue was reported as issue number 10 in Keyu Man et al.:
SCAD: Towards a Universal and Automated Network Side-Channel
Vulnerability Detection

Reviewed by: rrs, Peter Lei, glebius
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48804

Details

Provenance

Authored on Mon, Feb 10, 9:16 PM

Reviewer

Differential Revision

D48804: icmp: use per rate limit randomized jitter

Parents

rG0b707d5fe8b6: ssh: Disable support for DSA keys

Branches

Unknown

Tags

Unknown

Event Timeline

tuexen committed rG923c223f27e7: icmp: use per rate limit randomized jitter (authored by tuexen).Mon, Feb 10, 9:16 PM

tuexen added an edge: D48804: icmp: use per rate limit randomized jitter.Mon, Feb 10, 9:21 PM

tuexen mentioned this in rGccd9c1ef4e90: icmp: use per rate limit randomized jitter.Wed, Feb 12, 10:05 AM

tuexen mentioned this in rGe1dd07ede923: icmp: use per rate limit randomized jitter.Wed, Feb 12, 2:07 PM

tuexen mentioned this in rGcd91df3292bf: icmp: use per rate limit randomized jitter.Thu, Feb 13, 4:47 PM

Changes (2)

Path

Size

sys/

netinet/

netinet6/

rG923c223f27e7

sys/netinet/ip_icmp.c

Loading...

sys/netinet6/icmp6.c

Loading...