Hello!

Today I found a firewall running kernel 2.4.25 and shorewall 2.0.1 with these messages in the logs:

Apr 28 02:19:14 firewall kernel: dst cache overflow
Apr 28 02:19:14 firewall last message repeated 9 times

Such an issue was discussed here http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html for kernel <2.4.21, but I think there is a vulnerability in 2.4.25.

Has anyone the same problem? Is it only a problem in the routing code or might netfilter be involved?

--
__________________________________________________
Ralf Schenk
fon (02 41) 9 91 21-0
fax (02 41) 9 91 21-59
rs@databay.de

Databay AG
Hüttenstraße 7
D-52068 Aachen
www.databay.de

Databay - just do it.
_________________________________________________

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify info@databay.de. If you are not the named recipient, you should return this message and delete it from your system.
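A small detector for the log pattern quoted above, as an added example that is not part of the thread: it parses BSD-style syslog lines, folds syslogd's "last message repeated N times" lines into the preceding "dst cache overflow" burst (and only that burst), and flags sustained runs. The sample log is constructed around the two lines in the post, and the alert threshold is an assumption.

```python
import re

# Constructed sample: the two lines quoted in the post plus made-up neighbours
# that exercise the "last message repeated N times" handling.
SAMPLE_LOG = """\
Apr 28 02:19:14 firewall kernel: dst cache overflow
Apr 28 02:19:14 firewall last message repeated 9 times
Apr 28 02:19:20 firewall sshd[8421]: Accepted publickey for admin from 192.0.2.10
Apr 28 02:19:20 firewall last message repeated 2 times
Apr 28 02:20:03 firewall kernel: dst cache overflow
Apr 28 02:20:05 firewall last message repeated 3 times
"""

# Classic BSD syslog layout: "Mon dd hh:mm:ss host message".
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
REPEAT_RE = re.compile(r"^last message repeated (?P<n>\d+) times$")
OVERFLOW_MSG = "kernel: dst cache overflow"

def dst_cache_overflow_bursts(log_text):
    """Return [(timestamp, host, count), ...], one entry per burst. syslogd folds
    consecutive identical messages into one 'last message repeated N times' line,
    so that line is credited to the preceding burst only when the preceding
    message was itself an overflow; repeats of other messages are ignored."""
    bursts = []
    prev_was_overflow = False
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if msg == OVERFLOW_MSG:
            bursts.append([m.group("ts"), m.group("host"), 1])
            prev_was_overflow = True
        elif (r := REPEAT_RE.match(msg)) and prev_was_overflow:
            bursts[-1][2] += int(r.group("n"))  # fold collapsed repeats into the burst
        else:
            prev_was_overflow = False
    return [tuple(b) for b in bursts]

def should_alert(log_text, threshold=10):
    """True when one burst reaches `threshold` (assumed value): a sustained run
    means routes are being added faster than the cache gc reclaims them."""
    return any(n >= threshold for _, _, n in dst_cache_overflow_bursts(log_text))

if __name__ == "__main__":
    for ts, host, n in dst_cache_overflow_bursts(SAMPLE_LOG):
        print(f"{ts} {host}: {n} dst cache overflow message(s)")
    print("alert:", should_alert(SAMPLE_LOG))  # prints "alert: True"
```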
Ralf Schenk wrote:
>
> Has anyone the same problem? Is it only a problem in the routing code
> or might netfilter be involved?
>

I've not seen it -- the problem as described at the URL you posted is associated with the hash function used to index the route cache and so it doesn't involve Netfilter directly.

-Tom

--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
Will do.

-------------------------------------------
Tyler Davis
Sonic Development
tdavis@sonicdev.com
-------------------------------------------
History is the teacher of life.

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
Sent: Wednesday, April 28, 2004 9:44 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Linux dst cache overflow

Ralf Schenk wrote:
>
> Has anyone the same problem? Is it only a problem in the routing code
> or might netfilter be involved?
>

I've not seen it -- the problem as described at the URL you posted is associated with the hash function used to index the route cache and so it doesn't involve Netfilter directly.

-Tom

--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ teastep@shorewall.net

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
Wrong list, sorry!

-----Original Message-----
From: shorewall-users-bounces+tdavis=sonicdev.com@lists.shorewall.net [mailto:shorewall-users-bounces+tdavis=sonicdev.com@lists.shorewall.net] On Behalf Of Tyler Davis
Sent: Wednesday, April 28, 2004 9:55 AM
To: 'Mailing List for Shorewall Users'
Subject: RE: [Shorewall-users] Linux dst cache overflow

Will do.

-------------------------------------------
Tyler Davis
Sonic Development
tdavis@sonicdev.com
-------------------------------------------
History is the teacher of life.
Tom Eastep wrote:
> Ralf Schenk wrote:
>
>>
>> Has anyone the same problem? Is it only a problem in the routing code
>> or might netfilter be involved?
>>
>
> I've not seen it -- the problem as described at the URL you posted is
> associated with the hash function used to index the route cache and so
> it doesn't involve Netfilter directly.
>

Just read further -- it appears that the Netfilter code *previously* used a similar algorithm for its hash table. By my reading, in 2.4.25 both the routing and netfilter code use an improved keyed hash based on a random key.

-Tom

--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ teastep@shorewall.net