The TCP persist condition issue

Release Found: Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG.

Problem

A denial of service flaw in the way TCP connections are maintained when receiving a zero byte receive window has been discussed. This flaw allows an attacker (the receiver) to consistently advertise a zero byte receive window, instructing the sender to maintain the TCP connection and probe the receiver until the receiver is ready to receive data. This is referred to as the TCP persist condition. This can cause the sender to consume system resources, eventually leading to a denial of service.

This issue (Red Hat Bugzilla bug 529652) is described in more detail in the CERT Vulnerability Note VU#723308 from the CERT Coordination Center (CERT/CC), and in the "Clarification of sender behaviour in persist condition" IETF Internet-Draft.

Red Hat would like to thank the CERT/CC for informing us about this issue.

Mitigation

The attacks described in the CERT Vulnerability Note VU#723308 target a design limitation of the TCP protocol. Because upstream has decided not to release updates, Red Hat does not plan to release updates to resolve this issue; however, the effects of these attacks can be reduced. Refer to the Solution section of the CERT Vulnerability Note for information on possible mitigation techniques, originally provided in the CPNI assessment.
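To make the persist condition from the Problem section and the resource-bounding idea from this Mitigation section concrete, here is an added toy model (not code from the Red Hat article, the kernel, or the CERT note) of a sender whose peer never reopens its window. The probe back-off values (1 s doubling to a 120 s ceiling) and the max_persist bound that aborts a long-stalled connection are assumptions chosen for illustration.

```python
# Added example (not from the Red Hat article): a toy model of a TCP sender
# whose peer keeps advertising a zero receive window. Timer values are
# assumptions: probes back off exponentially from a 1 s RTO to a 120 s cap,
# and max_persist models aborting a connection stuck in persist too long.
from dataclasses import dataclass
from typing import Optional

@dataclass
class PersistSender:
    send_buf: int                      # bytes queued that the peer has not accepted
    max_persist: Optional[float]       # seconds of zero window tolerated (None: forever)
    rto: float = 1.0
    rto_max: float = 120.0
    clock: float = 0.0                 # simulated time in seconds
    probes: int = 0
    persist_since: Optional[float] = None
    aborted: bool = False

    def on_ack(self, window: int) -> None:
        """Handle a peer ACK that advertises `window` bytes of receive space."""
        if self.aborted:
            return
        if window > 0:
            # Window opened: leave the persist condition and drain queued data.
            self.send_buf -= min(window, self.send_buf)
            self.persist_since, self.rto = None, 1.0
        elif self.persist_since is None:
            self.persist_since = self.clock   # entering the persist condition

    def tick(self) -> None:
        """Advance the clock to the next persist-timer expiry and act on it."""
        if self.aborted or self.persist_since is None:
            return
        self.clock += self.rto
        self.rto = min(self.rto * 2, self.rto_max)
        if (self.max_persist is not None
                and self.clock - self.persist_since >= self.max_persist):
            self.aborted = True      # mitigation: give up and free the send buffer
            self.send_buf = 0
            return
        self.probes += 1             # send a 1-byte window probe ...
        self.on_ack(0)               # ... and the hostile peer answers window=0

def run(max_persist: Optional[float], rounds: int = 40) -> PersistSender:
    # Drive a sender with 64 KiB pending through `rounds` persist-timer expiries.
    s = PersistSender(send_buf=65536, max_persist=max_persist)
    s.on_ack(0)                      # first zero-window ACK with data still pending
    for _ in range(rounds):
        s.tick()
    return s
```

Without a bound the sender probes forever and the 64 KiB buffer is never released; with a 600 s bound it aborts after the tenth probe and frees the memory.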