Bug #15042

closed

Potential TCP connection denial of service attack from spoofed RST packets processed by PF

Added by Jim Pingle 6 months ago. Updated 5 months ago.

Status: Resolved
Priority: Normal
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.09.1
Release Notes: Default
Affected Version:
Affected Architecture:

Description

There is a report (attached) that claims that a third-party attacker can send TCP RST packets with a spoofed source and arbitrary sequence numbers for a wide range of ports and PF will remove a NAT state matching the src/dst without validating that the sequence number matches the window of an ongoing connection.

The report doesn't make it clear if this is a new issue (or even which version of pfSense was tested), but if it's legitimate it almost certainly affects PF upstream as well.

Kristof said he'd take a look at the code there and see if he could find any issues.
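
The following is an added illustration, not part of the original report and not PF's code: a simplified state tracker showing the behaviour the report claims (state removed on an address/port match alone) beside a handler that also requires the RST sequence number to fall inside the tracked window. The struct layouts, field names and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical, simplified state entry; this is not PF's struct pf_state. */
struct conn_state {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint32_t next_seq;   /* next sequence number expected from src */
    uint32_t window;     /* window currently tracked for that direction */
    bool     active;
};

struct rst_pkt {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint32_t seq;
};

static bool tuple_matches(const struct conn_state *s, const struct rst_pkt *p)
{
    return s->active && s->src_ip == p->src_ip && s->dst_ip == p->dst_ip &&
           s->src_port == p->src_port && s->dst_port == p->dst_port;
}

/* Unsigned subtraction keeps the comparison correct across 32-bit wraparound.
 * With a zero window only the exact expected sequence number is accepted. */
static bool seq_in_window(uint32_t seq, uint32_t next_seq, uint32_t window)
{
    uint32_t offset = seq - next_seq;
    return window ? offset < window : offset == 0;
}

/* Behaviour described in the report: state dropped on tuple match alone. */
bool handle_rst_unchecked(struct conn_state *s, const struct rst_pkt *p)
{
    if (!tuple_matches(s, p))
        return false;
    s->active = false;
    return true;
}

/* Hardened: the RST is honoured only if its sequence number is in window. */
bool handle_rst_checked(struct conn_state *s, const struct rst_pkt *p)
{
    if (!tuple_matches(s, p) || !seq_in_window(p->seq, s->next_seq, s->window))
        return false;   /* out-of-window RST: keep the state */
    s->active = false;
    return true;
}
```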

