COMMAND

    TCP stack

SYSTEMS AFFECTED

    Linux 2.1.53 and all the rest

PROBLEM

    Duncan Simpson was inspired by an article in Phrack that checked
    for ports by using bugs:

        1) Send an ACK and FIN packet. If you get an RST the port is
           not listening
        2) Send an ACK and check the RST for TTL decrease or window
           expansion (either means listening)

    Duncan discovered another bug. If you send a packet with FIN but
    not ACK set, then Linux will discard the packet if the port is
    listening and send an RST if not. This allows "stealth" port
    scanning... not good. Anyway, it's the way the protocol is
    defined. Worse still, a FIN to a listening port is in itself
    legitimate for some TCP close down paths. You have to ignore the
    out of sequence FIN for the protocol to work and you have to RST
    it for connection close down to work.
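
    Since the stack has to behave this way, the practical response is
    to watch for the probe. The following is an added example, not
    part of the original advisory: it flags sources that send FIN
    without ACK to several ports. The function names, the three-port
    threshold and the sample traffic are assumptions made here.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def tcp_fields(segment: bytes):
    """Return (src_port, dst_port, flags) parsed from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, off_flags & 0x3F  # low 6 bits: URG ACK PSH RST SYN FIN

def is_fin_probe(flags: int) -> bool:
    """FIN set with ACK, SYN and RST clear: the segment the advisory describes."""
    return flags & (FIN | ACK | SYN | RST) == FIN

def find_fin_scanners(packets, min_ports=3):
    """packets: iterable of (src_ip, raw_tcp_header).
    Returns {src_ip: sorted ports} for sources that sent FIN-without-ACK
    segments to at least min_ports distinct destination ports."""
    seen = defaultdict(set)
    for src_ip, segment in packets:
        try:
            _sport, dport, flags = tcp_fields(segment)
        except ValueError:
            continue  # skip truncated captures instead of aborting the run
        if is_fin_probe(flags):
            seen[src_ip].add(dport)
    return {ip: sorted(p) for ip, p in seen.items() if len(p) >= min_ports}

def make_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (data offset 5, no options)."""
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 512, 0, 0)

# Constructed sample traffic using documentation addresses (RFC 5737).
SAMPLE = [
    ("192.0.2.10", make_header(40000, 22, FIN)),
    ("192.0.2.10", make_header(40000, 23, FIN)),
    ("192.0.2.10", make_header(40000, 80, FIN)),
    ("198.51.100.7", make_header(51515, 80, FIN | ACK)),  # ordinary close
    ("198.51.100.7", make_header(51515, 80, ACK)),
    ("203.0.113.5", make_header(33333, 25, FIN)),  # single FIN, under threshold
    ("203.0.113.5", b"\x00" * 8),  # truncated capture, ignored
]

if __name__ == "__main__":
    print(find_fin_scanners(SAMPLE))
```

    The per-source port threshold is there so that a single stray FIN
    does not raise an alert on its own.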

SOLUTION

    Roll on IPv6 with proper security built in... and helpful
    technology like policy routing so that an IP address goes in
    different directions for different people. Linux 2.1.x has both
    already.