2

I'd like to ask a question about the IPv4 fragment manager in the Linux kernel (net/ipv4/inet_fragment.c). I don't understand why the structure inet_frags (include/net/inet_frag.h) has got an "rnd" field, which is obviously filled in with random numbers. I mean, I don't expect my IPv4 stack to reassemble my packets in a random order ^^.

Could you help me plz? Thx in advance. (Kernel 3.4.4)

4

1 回答 1

6

该实现使用散列来存储 IP 数据报片段。具有固定散列函数的散列表容易发生拒绝服务散列冲突攻击。因此,他们为每个哈希函数添加了一个随机种子以防止攻击。

请参阅http://www.iss.net/security_center/reference/vuln/linux-kernel-packets-dos.htm

Linux 内核容易受到拒绝服务的攻击,这是由于 TCP/IP 片段重组处理不当造成的。远程攻击者可以发送特制的数据包,这些数据包会导致大量哈希表冲突,从而消耗所有可用的 CPU 资源。

于 2012-08-29T09:54:57.627 回答