Bug #15042
Potential TCP connection denial of service attack from spoofed RST packets processed by PF
Status: closed
% Done: 100%
Plus Target Version: 23.09.1
Release Notes: Default
Description
There is a report (attached) that claims that a third party attacker can send TCP RST packets with a spoofed source and arbitrary sequence numbers for a wide range of ports and PF will remove a NAT state matching the src/dst without validating the sequence number matches the window of an ongoing connection.
The report doesn't make it clear if this is a new issue (or even which version of pfSense was tested), but if it's legitimate it almost certainly affects PF upstream as well.
Kristof said he'd take a look at the code there and see if he could find any issues.
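
The sequence check the report says is missing, as an added example that is not PF or pfSense code: an RFC 5961 style classification of an incoming RST against tracked connection state, with wraparound-safe comparison. The struct, its fields, the verdict names and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-peer tracking data held in a state entry. */
struct peer_track {
    uint32_t next_seq;  /* next sequence number expected from this peer */
    uint32_t window;    /* receive window currently open to this peer */
};

enum rst_verdict {
    RST_DROP,       /* outside the window: discard, keep the state */
    RST_PASS_ONLY,  /* in window, not exact: forward, keep the state */
    RST_TEARDOWN    /* exact match: forward and remove the state */
};

/*
 * Classify an RST by its sequence number (RFC 5961, section 3.2).
 * Only an exact match with the expected sequence number may remove state.
 * Assumption: an in-window, non-exact RST is forwarded so the endpoint
 * can answer with a challenge ACK, while the filter keeps its state.
 */
enum rst_verdict classify_rst(const struct peer_track *src, uint32_t rst_seq)
{
    /* Unsigned subtraction gives the offset modulo 2^32, so a window
     * that straddles the 0xFFFFFFFF -> 0 wrap is handled correctly. */
    uint32_t off = rst_seq - src->next_seq;

    if (off == 0)
        return RST_TEARDOWN;
    if (off < src->window)  /* never true when the window is zero */
        return RST_PASS_ONLY;
    return RST_DROP;
}

int main(void)
{
    /* Constructed sample: window straddles the sequence-number wrap. */
    struct peer_track src = { 0xFFFFFF00u, 0x200u };
    uint32_t probes[] = { 0xFFFFFF00u, 0x00000010u, 0x12345678u };

    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("rst seq 0x%08x -> verdict %d\n",
               (unsigned)probes[i], (int)classify_rst(&src, probes[i]));
    return 0;
}
```
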