On 2018-06-28 18:04:16 -0700, Dan Stromberg wrote:
> On Thu, Jun 28, 2018 at 1:27 PM, Marko Rauhamaa <ma...@pacujo.net> wrote:
> > Dan Stromberg <drsali...@gmail.com>:
> > > On Wed, Jun 27, 2018 at 10:31 PM, Marko Rauhamaa <ma...@pacujo.net>
> > > wrote:
> > >> Dan Stromberg <drsali...@gmail.com>:
> > >> >> > The problem can be solved by turning on the SO_REUSEADDR flag of
> > >> >> > the socket.
> > >> > BTW, it's a security feature you're turning off. If you're on a
> > >> > multiuser box, it prevents a second user from stealing lingering
> > >> > connections from a first user on the same port.
[...]
> Start an echo server process P that listens on tcp/5555.
>
> Initiate a connection from a client machine to process P at tcp/5555. It
> works as expected.
>
> Kill P.
>
> Initiate a connection from a client machine to process P at tcp/5555. It
> gives a connection refused as expected.
>
> If someone else comes along soon after and starts a different echo server
> process Q at tcp/5555 on the same server, it starts up immediately if P
> used SO_REUSEADDR.
>
> Then initiate a connection from the same (or different) client machine to
> process P (which no longer exists). Q gets the data intended for P.
I don't think this is the issue TIME_WAIT is intended to prevent.
Firstly, why would this security issue stop being a security issue after
two minutes? Secondly, it depends on the attacker not knowing about
SO_REUSEADDR, which seems overly optimistic.

What TIME_WAIT is IMHO intended to prevent is mixing up two TCP
connections: You have just killed P, but some packets from a connection
are still in transit. Now you start P again and one of the clients starts
another connection. While this connection is active, a packet from the
previous connection arrives. If its sequence number is in the right
range, it will be accepted as part of the current connection. This can be
prevented by not restarting the server until all packets for old
connections are guaranteed to have expired.

In practice this scenario is pretty unlikely: Not only does the client
have to get the same client port, it also needs to get the sequence
numbers (which are 32 bit numbers chosen at random at connection time)
just right. OTOH, having to wait 2 minutes before you can restart your
server is a nuisance. Therefore, everybody uses SO_REUSEADDR.

        hp

-- 
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | h...@hjp.at         | management tools.
__/   | http://www.hjp.at/ |            -- Ross Anderson <https://www.edge.org/>
-- https://mail.python.org/mailman/listinfo/python-list
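The lifecycle both posters argue about (P listens, a client talks to it, P goes away, Q tries to take the port) can be reproduced on one machine and the kernel's bind() verdict recorded at each step. The script below is an added example written for this thread, not code posted by Dan Stromberg or Peter J. Holzer; it uses loopback and a kernel-assigned port (the thread's tcp/5555 is replaced by port 0 so the demo cannot collide with anything else), and it assumes Linux bind() semantics for the two facts it checks: SO_REUSEADDR does not let a socket bind over a port that still has a live listener, and after the listener is gone only a socket that sets SO_REUSEADDR can bind past the TIME_WAIT entry left by the closed connection. The server closes first on purpose, because the side that sends the first FIN is the side that ends up in TIME_WAIT.

```python
import errno
import socket
import threading

HOST = "127.0.0.1"   # loopback only; nothing leaves the machine
TIMEOUT = 5.0        # guard against hangs if a step misbehaves


def make_listener(port: int, reuse_addr: bool) -> socket.socket:
    """Create a listening TCP socket on HOST:port.

    SO_REUSEADDR must be set *before* bind(); setting it afterwards has no
    effect. port=0 asks the kernel for any free port (constructed for this
    demo; the thread uses tcp/5555).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuse_addr:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((HOST, port))
    s.listen(1)
    s.settimeout(TIMEOUT)
    return s


def try_bind(port: int, reuse_addr: bool) -> str:
    """Attempt to bind a fresh socket to HOST:port.

    Returns "bound" on success or the errno name (e.g. "EADDRINUSE") on
    failure. The probe socket is closed either way, so it never holds the
    port itself.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if reuse_addr:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((HOST, port))
        return "bound"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def serve_one_echo(listener: socket.socket) -> None:
    """Process P: accept one client, echo one message, then close first.

    The accepted socket inherits the listener's SO_REUSEADDR setting, and
    closing it here (before the client closes) is what leaves a TIME_WAIT
    entry on the server's port once the client's FIN arrives.
    """
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(TIMEOUT)
        conn.sendall(conn.recv(1024))


def run_scenario() -> dict:
    """Walk through the thread's scenario and record what bind() says."""
    results = {}
    p = make_listener(0, reuse_addr=True)
    port = p.getsockname()[1]

    # 1. While P is listening the port is busy even for a socket that sets
    #    SO_REUSEADDR: the option does not let Q displace a live listener.
    results["while_p_listens"] = try_bind(port, reuse_addr=True)

    # 2. A client talks to P; P answers and closes its side first.
    worker = threading.Thread(target=serve_one_echo, args=(p,))
    worker.start()
    with socket.create_connection((HOST, port), timeout=TIMEOUT) as c:
        c.sendall(b"ping")
        results["echo"] = c.recv(1024)
        c.shutdown(socket.SHUT_WR)   # our FIN, so P's side can reach TIME_WAIT
        while c.recv(1024):          # drain until P's FIN shows up as EOF
            pass
    worker.join(TIMEOUT)
    p.close()                        # "kill P": listener gone, TIME_WAIT remains

    # 3. Q without SO_REUSEADDR is refused by the lingering TIME_WAIT entry.
    results["after_kill_plain"] = try_bind(port, reuse_addr=False)
    # 4. Q with SO_REUSEADDR binds immediately, exactly as the thread says.
    results["after_kill_reuse"] = try_bind(port, reuse_addr=True)
    return results


if __name__ == "__main__":
    for step, outcome in run_scenario().items():
        print(f"{step:>18}: {outcome}")
```

Running it prints EADDRINUSE for steps 1 and 3 and "bound" for step 4, which is the whole of Peter's point: the option only shortens the wait for a port whose last connection is draining, it does not hand a running server's port to anyone. Whether that residual window matters on a shared host is the judgment call the thread is about; the check above at least shows where the window begins and ends.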